NEW QUESTION 1
- (Topic 1) 
Which of the following pairings uses technology to enforce access control policies? 


A. Preventive/Administrative
B. Preventive/Technical
C. Preventive/Physical
D. Detective/Administrative


Answer: B 


Explanation: 

The preventive/technical pairing uses technology to enforce access control policies. 

TECHNICAL CONTROLS 

Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and 
software, and related devices. Technical controls are sometimes referred to as logical controls. 

Preventive Technical Controls 

Preventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources. Examples of these 
controls include: 

Access control software.
Antivirus software.
Library control systems.
Passwords.
Smart cards.
Encryption.
Dial-up access control and callback systems.

Preventive Physical Controls 

Preventive physical controls are employed to prevent unauthorized personnel from entering computing facilities (i.e., locations housing computing resources, 
supporting utilities, computer hard copy, and input data media) and to help protect against natural disasters. Examples of these controls include: 

Backup files and documentation.
Fences.
Security guards.
Badge systems.
Double door systems.
Locks and keys.
Backup power.
Biometric access controls.
Site selection.
Fire extinguishers.

Preventive Administrative Controls 

Preventive administrative controls are personnel-oriented techniques for controlling people's behavior to ensure the confidentiality, integrity, and availability of computing data and programs. Examples of preventive administrative controls include:

Security awareness and technical training.
Separation of duties.
Procedures for recruiting and terminating employees.
Security policies and procedures.
Supervision.
Disaster recovery, contingency, and emergency plans.
User registration for computer access.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.


NEW QUESTION 2 
- (Topic 1) 
Which type of password token involves time synchronization? 


A. Static password tokens
B. Synchronous dynamic password tokens
C. Asynchronous dynamic password tokens
D. Challenge-response tokens


Answer: B 


Explanation: 

Synchronous dynamic password tokens generate a new unique password value at fixed time intervals, so the server and token need to be synchronized for the 
password to be accepted. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 37). 

Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 4: Access Control (page 136). 


NEW QUESTION 3 
- (Topic 1) 
Controlling access to information systems and associated networks is necessary for the preservation of their: 


A. Authenticity, confidentiality and availability
B. Confidentiality, integrity, and availability
C. Integrity and availability
D. Authenticity, confidentiality, integrity and availability


Answer: B 
Explanation: 


Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity and availability. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 31. 


NEW QUESTION 4 
- (Topic 1) 
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is: 


A. concern that the laser beam may cause eye damage 
B. the iris pattern changes as a person grows older. 
C. there is a relatively high rate of false accepts.
D. the optical unit must be positioned so that the sun does not shine into the aperture. 


Answer: D 


Explanation: 

Because the optical unit uses a camera and infrared light to create the images, sunlight can affect the aperture, so the unit must not be positioned in direct light of any type. Because the subject does not need to have direct contact with the optical reader, direct light can reach and affect the reader.

Iris recognition is a form of biometrics that is based on the uniqueness of a subject's iris. A camera-like device records the patterns of the iris, creating what is known as an Iriscode.

It is the unique patterns of the iris that make it one of the most accurate forms of biometric identification of an individual. Unlike other types of biometrics, the iris rarely changes over time. Fingerprints can change over time due to scarring and manual labor, voice patterns can change due to a variety of causes, and hand geometry can change as well. But barring surgery or an accident it is not usual for an iris to change. The subject has a high-resolution image taken of their iris and this is then converted to an Iriscode. The current standard for the Iriscode was developed by John Daugman. When the subject attempts to be authenticated, an infrared light is used to capture the iris image and this image is then compared to the stored Iriscode. If there is a match the subject's identity is confirmed. The subject does not need to have direct contact with the optical reader, so it is a less invasive means of authentication than retinal scanning would be.

Reference(s) used for this question:
AIO, 3rd edition, Access Control, p 134.
AIO, 4th edition, Access Control, p 182.
Wikipedia - http://en.wikipedia.org/wiki/Iris_recognition

The following answers are incorrect:

concern that the laser beam may cause eye damage. The optical readers do not use lasers, so concern that the laser beam may cause eye damage is not an issue.

the iris pattern changes as a person grows older. The question asked about the physical installation of the scanner, so this was not the best answer. If the question had been about long-term problems then it could have been the best choice. Recent research has shown that irises actually do change over time: http://www.nature.com/news/ageing-eyes-hinder-biometric-scans-1.10722

there is a relatively high rate of false accepts. Since the advent of the Iriscode there is a very low rate of false accepts; in fact the algorithm used has never had a false match. This all depends on the quality of the equipment used, but because of the uniqueness of the iris, even when comparing identical twins, iris patterns are unique.


NEW QUESTION 5 
- (Topic 1) 
Which of the following is not a service provided by AAA servers (Radius, TACACS and DIAMETER)?


A. Authentication
B. Administration
C. Accounting
D. Authorization


Answer: B 


Explanation: 

Radius, TACACS and DIAMETER are classified as authentication, authorization, and accounting (AAA) servers. 

Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 33. 

also see: 

The term "AAA" is often used, describing cornerstone concepts [of the AIC triad] Authentication, Authorization, and Accountability. Left out of the AAA acronym is 
Identification which is required before the three "A's" can follow. Identity is a claim, Authentication proves an identity, Authorization describes the action you can 
perform on a system once you have been identified and authenticated, and accountability holds users accountable for their actions. 

Reference: CISSP Study Guide, Conrad Misenar, Feldman p. 10-11, (c) 2010 Elsevier. 


NEW QUESTION 6
- (Topic 1)
Which of the following is implemented through scripts or smart agents that replay a user's multiple log-ins against authentication servers to verify the user's identity and permit access to system services?


A. Single Sign-On
B. Dynamic Sign-On
C. Smart cards
D. Kerberos


Answer: A 


Explanation: 

SSO can be implemented by using scripts that replay the user's multiple log-ins against authentication servers to verify a user's identity and to permit access to system services.

Single Sign-On was the best answer in this case because it would include Kerberos. When you have two good answers within the four choices presented you must select the BEST one. The high-level choice is always the best. When one choice would include the other one, that would be the best as well.

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40. 


NEW QUESTION 7 
- (Topic 1) 
What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? 


A. Mandatory model 
B. Discretionary model 
C. Lattice model 

D. Rule model 
Answer: C 


Explanation: 
In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values.
Reference(s) used for this question: 
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 8 
- (Topic 1) 
Which of the following would be used to implement Mandatory Access Control (MAC)? 


A. Clark-Wilson Access Control 
B. Role-based access control 

C. Lattice-based access control 
D. User dictated access control 


Answer: C 


Explanation: 

The lattice is a mechanism used to implement Mandatory Access Control (MAC).

Under Mandatory Access Control (MAC) you have: Mandatory Access Control

Under Non-Discretionary Access Control (NDAC) you have: Rule-Based Access Control, Role-Based Access Control

Under Discretionary Access Control (DAC) you have: Discretionary Access Control

Lattice-Based Access Control is a type of access control used to implement other access control methods. A lattice is an ordered set of elements in which every pair has a least upper bound and a greatest lower bound. The lattice can be used for MAC, DAC, integrity levels, file permissions, and more.

For example, in the case of MAC, if we look at common government classifications, we have the following:

TOP SECRET
SECRET ----------------------- I am the user at SECRET
CONFIDENTIAL
SENSITIVE BUT UNCLASSIFIED
UNCLASSIFIED

If you look at the diagram above, where I am a user at SECRET, it means that I can access documents at lower classifications but not documents at TOP SECRET. The lattice is a list of ORDERED ELEMENTS; in this case the ordered elements are classification levels. My least upper bound is SECRET and my greatest lower bound is UNCLASSIFIED.

However, the lattice could also be used for integrity levels such as:

VERY HIGH
HIGH
MEDIUM ---------- I am a user, process, or application at the medium level
LOW
VERY LOW

In the case of integrity levels you have to think about TRUST. If I take for example the VISTA operating system, which is based on Biba, then integrity levels would be used. As a user having access to the system I cannot tell a process running with administrative privilege what to do. Otherwise any user on the system could take control of the system by getting a highly privileged process to do things on their behalf. So no read down would be allowed in this case, and this is an example of the Biba model.

Last but not least, the lattice could be used for file permissions:

RWX
RW --------- User at this level

If I am a user with READ and WRITE (RW) access privilege then I cannot execute the file, because I do not have execute permission, which is the X under Linux and UNIX.

Many people confuse the Lattice Model, and many books say MAC = LATTICE; however the lattice can be used for other purposes.

There is also Role Based Access Control (RBAC). It COULD be used to simulate MAC, but it is not MAC, as it does not make use of labels on objects indicating sensitivity and categories. MAC also requires a clearance that dominates the object.

You can get more info about RBAC at: http://csrc.nist.gov/groups/SNS/rbac/faq.html#03

Also note that many books use the same acronym, RBAC, for Role Based Access Control and Rule Based Access Control, which can be confusing.

The proper way of writing the acronym for Rule Based Access Control is RUBAC; unfortunately it is not commonly used.

References: 

There is a great article on technet that talks about the lattice in VISTA: http://blogs.technet.com/b/steriley/archive/2006/07/21/442870.aspx 

also see: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access 
control systems (page 33). 

and 

http://www.microsoft-watch.com/content/vista/gaging_vistas_integrity.html


NEW QUESTION 9 

- (Topic 1) 

Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access?


A. Smart cards
B. Single Sign-On (SSO)
C. Symmetric Ciphers
D. Public Key Infrastructure (PKI)


Answer: B 
Explanation: 
The advantages of SSO include having the ability to use stronger passwords, easier administration as far as changing or deleting the passwords, minimizing the risks of orphan accounts, and requiring less time to access resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 39. 


NEW QUESTION 10 
- (Topic 1) 
Which of the following is an example of a passive attack? 


A. Denying services to legitimate users 
B. Shoulder surfing
C. Brute-force password cracking 
D. Smurfing 


Answer: B 


Explanation: 

Shoulder surfing is a form of a passive attack involving stealing passwords, personal identification numbers or other confidential information by looking over 
someone's shoulder. All other forms of attack are active attacks, where a threat makes a modification to the system in an attempt to take advantage of a 
vulnerability. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 3: Security Management Practices (page 63). 


NEW QUESTION 10
- (Topic 1)
Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure?


A. Access control lists
B. Discretionary access control
C. Role-based access control
D. Non-mandatory access control


Answer: C 


Explanation: 

Role-based access control (RBAC) gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to 
an organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are given to users in that role. An 
access control list (ACL) is a table that tells a system which access rights each user has to a particular system object. With discretionary access control, 
administration is decentralized and owners of resources control other users' access. Non-mandatory access control is not a defined access control technique. 
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 9). 


NEW QUESTION 12 
- (Topic 1) 
What does the (star) property mean in the Bell-LaPadula model? 


A. No write up 
B. No read up 
C. No write down 
D. No read down 


Answer: C 


Explanation: 

The (star) property of the Bell-LaPadula access control model states that writing of information by a subject at a higher level of sensitivity to an object at a lower 
level of sensitivity is not permitted (no write down). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 202). 

Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, Chapter 5: Security Models and Architecture (page 242, 
243). 


NEW QUESTION 14 
- (Topic 1) 
Which of the following centralized access control mechanisms is the least appropriate for mobile workers accessing the corporate network over analog lines? 


A. TACACS 
B. Call-back 
C. CHAP 

D. RADIUS 


Answer: B 


Explanation: 

Call-back allows a distant user connecting into a system to be called back at a number already listed in a database of trusted users. The disadvantage of this system is that the user must be at a fixed location whose phone number is known to the authentication server. Being mobile workers, users are accessing the system from multiple locations, making call-back inappropriate for them.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 44). 


NEW QUESTION 18
- (Topic 1)
Rule-Based Access Control (RUBAC) access is determined by rules. Such rules would fit within what category of access control?


A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access Control


Answer: C 
Explanation:

Rule-based access control is a type of non-discretionary access control because this access is determined by rules and the subject does not decide what those 
rules will be, the rules are uniformly applied to ALL of the users or subjects. 

In general, all access control policies other than DAC are grouped in the category of non- discretionary access control (NDAC). As the name implies, policies in 
this category have rules that are not established at the discretion of the user. Non-discretionary policies establish controls that cannot be changed by users, but 
only through administrative action. 

Both Role Based Access Control (RBAC) and Rule Based Access Control (RUBAC) fall within Non Discretionary Access Control (NDAC). If it is not DAC or MAC 
then it is most likely NDAC. 

IT IS NOT ALWAYS BLACK OR WHITE 

The different access control models are not totally exclusive of each others. MAC is making use of Rules to be implemented. However with MAC you have 
requirements above and beyond having simple access rules. The subject would get formal approval from management, the subject must have the proper security 
clearance, objects must have labels/sensitivity levels attached to them, subjects must have the proper security clearance. If all of this is in place then you have 
MAC. 

BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES: 

MAC = Mandatory Access Control 

Under a mandatory access control environment, the system or security administrator will define what permissions subjects have on objects. The administrator does not dictate users' access but simply configures the proper level of access as dictated by the Data Owner.

The MAC system will look at the Security Clearance of the subject and compare it with the object sensitivity level or classification level. This is what is called the 
dominance relationship. 

The subject must DOMINATE the object sensitivity level. Which means that the subject must have a security clearance equal or higher than the object he is 
attempting to access. 

MAC also introduce the concept of labels. Every objects will have a label attached to them indicating the classification of the object as well as categories that are 
used to impose the need to know (NTK) principle. Even thou a user has a security clearance of Secret it does not mean he would be able to access any Secret 
documents within the system. He would be allowed to access only Secret document for which he has a Need To Know, formal approval, and object where the user 
belong to one of the categories attached to the object. 

If there is no clearance and no labels then IT IS NOT Mandatory Access Control. 

Many of the other models can mimic MAC but none of them have labels and a dominance relationship so they are NOT in the MAC category. 

NISTR-7316 Says: 

Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC policy; for example, a user who is running a process at the Secret classification should not be allowed to read a file with a label of Top Secret. This is known as the "simple security rule," or "no read up." Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file with a label of Confidential. This rule is called the "*-property" (pronounced "star property") or "no write down." The *-property is required to maintain system security in an automated environment. A variation on this rule called the "strict *-property" requires that information can be written at, but not above, the subject's clearance level. Multilevel security models such as the Bell-La Padula Confidentiality and Biba Integrity models are used to formally specify this kind of MAC policy.

DAC = Discretionary Access Control 

DAC is also known as: Identity Based access control system. 

The owner of an object is defined as the person who created the object. As such, the owner has the discretion to grant access to other users on the network. Access will be granted based solely on the identity of those users.

Such a system is good for a low level of security. One of the major problems is the fact that a user who has access to someone else's file can further share the file with other users without the knowledge or permission of the owner of the file. Very quickly this could become the wild wild west, as there is no control on the dissemination of the information.

RBAC = Role Based Access Control 

RBAC is a form of Non-Discretionary access control. 

Role Based access control usually maps directly with the different types of jobs performed by employees within a company. 

For example, there might be 5 security administrators within your company. Instead of creating each of their profiles one by one, you would simply create a role and assign the administrators to the role. Once an administrator has been assigned to a role, he will IMPLICITLY inherit the permissions of that role.

RBAC is a great tool for environments where there is a large rotation of employees on a daily basis, such as a very large help desk for example.

RBAC or RuBAC = Rule Based Access Control

RuBAC is a form of Non-Discretionary access control.

A good example of a Rule Based access control device would be a firewall. A single set of rules is imposed on all users attempting to connect through the firewall.

NOTE FROM CLEMENT:

Lot of people tend to confuse MAC and Rule Based Access Control. 

Mandatory Access Control must make use of LABELS. If there is only rules and no label, it cannot be Mandatory Access Control. This is why they call it Non 
Discretionary Access control (NDAC). 

There are even books out there that are WRONG on this subject. Books are sometimes opinionated and not strictly based on facts.

In MAC subjects must have clearance to access sensitive objects. Objects have labels that contain the classification to indicate the sensitivity of the object and the 
label also has categories to enforce the need to know. 

Today the best example of rule based access control would be a firewall. All rules are imposed globally to any user attempting to connect through the device. This 
is NOT the case with MAC. 

I strongly recommend you read carefully the following document:

NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf

It is one of the best access control study documents to prepare for the exam. Usually I tell people not to worry about the hundreds of NIST documents and other references. This document is an exception. Take some time to read it.

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 

and 

NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf and 

Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01). CISSP Study Guide (Kindle Locations 651-652). Elsevier Science (reference). Kindle Edition. 
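As an added example (not from the page's author or from the books it cites), the lattice of Questions 7 and 8, the *-property of Question 12 and the dominance relationship and need-to-know categories described above can be written as a small label-checking routine. The level names are the government classifications listed in Question 8; the categories NATO and CRYPTO, the `Label` class and the function names are constructed for this example. The "strict *-property" is implemented here as "write only at the subject's own label", one reading of the NISTIR-7316 sentence quoted above.

```python
from dataclasses import dataclass

# Ordered classification levels, lowest first (the list used in Question 8).
LEVELS = ["UNCLASSIFIED", "SENSITIVE BUT UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A MAC label: a classification level plus a set of need-to-know categories.

    Constructed for this example; the category names used below are hypothetical.
    """
    level: str
    categories: frozenset = frozenset()

    def __post_init__(self):
        if self.level not in RANK:
            raise ValueError(f"unknown level {self.level!r}")
        # Accept any iterable of category names but always store an immutable set.
        object.__setattr__(self, "categories", frozenset(self.categories))

    def dominates(self, other: "Label") -> bool:
        """Dominance: level at least as high AND categories a superset of the other's."""
        return RANK[self.level] >= RANK[other.level] and self.categories >= other.categories


def join(a: Label, b: Label) -> Label:
    """Least upper bound of two labels: the higher level, union of categories."""
    level = a.level if RANK[a.level] >= RANK[b.level] else b.level
    return Label(level, a.categories | b.categories)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound of two labels: the lower level, intersection of categories."""
    level = a.level if RANK[a.level] <= RANK[b.level] else b.level
    return Label(level, a.categories & b.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security rule ("no read up"): the subject's clearance must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label, strict: bool = False) -> bool:
    """*-property ("no write down"): the object's label must dominate the subject.

    With strict=True the subject may write only at exactly its own label
    (this example's reading of the "strict *-property").
    """
    if strict:
        return subject == obj
    return obj.dominates(subject)


def main():
    me = Label("SECRET", {"NATO"})          # subject: SECRET clearance, NATO need-to-know
    objects = {
        "confidential memo": Label("CONFIDENTIAL"),
        "top secret plan": Label("TOP SECRET", {"NATO"}),
        "secret crypto key": Label("SECRET", {"CRYPTO"}),
        "secret nato report": Label("SECRET", {"NATO"}),
    }
    for name, label in objects.items():
        print(f"{name:20s} read={can_read(me, label)!s:5s} write={can_write(me, label)!s:5s} "
              f"strict-write={can_write(me, label, strict=True)}")
    print("join:", join(objects["confidential memo"], objects["secret crypto key"]))
    print("meet:", meet(objects["top secret plan"], objects["secret crypto key"]))


if __name__ == "__main__":
    main()
```

Run as a script it prints one line per object; note that the SECRET subject cannot read the SECRET/CRYPTO key even though the levels are equal, because the category set imposes need to know on top of the classification level.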


NEW QUESTION 19 
- (Topic 1) 
Which of the following questions is less likely to help in assessing identification and authentication controls? 


A. Is a current list maintained and approved of authorized users and their access? 
B. Are passwords changed at least every ninety days or earlier if needed? 

C. Are inactive user identifications disabled after a specified period of time? 

D. Is there a process for reporting incidents? 


Answer: D 
Explanation: 


Identification and authentication is a technical measure that prevents unauthorized people (or unauthorized processes) from entering an IT system. Access control 
usually requires that the system be able to identify and differentiate among users. Reporting incidents is more related to incident response capability (operational 
control) than to identification and authentication (technical control).
Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self- Assessment Guide for Information Technology Systems, November 2001 (Pages 
A-30 to A-32). 


NEW QUESTION 20 
- (Topic 1) 
Controls to keep password sniffing attacks from compromising computer systems include which of the following? 


A. static and recurring passwords. 
B. encryption and recurring passwords. 
C. one-time passwords and encryption. 
D. static and one-time passwords. 


Answer: C 


Explanation: 

To minimize the chance of passwords being captured, one-time passwords prevent a password sniffing attack because once used a password is no longer valid. Encryption will also minimize these types of attacks.

The following answers are incorrect:

static and recurring passwords. This is incorrect because if there is no encryption then someone password sniffing would be able to capture the password much 
easier if it never changed. 

encryption and recurring passwords. This is incorrect because while encryption helps, recurring passwords do nothing to minimize the risk of passwords being 
captured. 

static and one-time passwords. This is incorrect because while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the 
risk of passwords being captured. 
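As an added example (not from the referenced books or the page's author), the synchronous dynamic token of Question 2 and the one-time-password control from this question can be shown together as a TOTP generator (RFC 6238: HOTP over a time counter, HMAC-SHA1, 30-second steps) with a server-side verifier. The verifier accepts one time step of clock drift on either side, which is why token and server must stay synchronized, and it records the last redeemed time step so that a code captured on the wire is refused once it has been used. The shared secret is the RFC 4226/6238 test-vector key; the `TokenVerifier` class, the drift window and the replay bookkeeping are this example's own design.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # time step that token and server must agree on
DIGITS = 6

# Published RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890").
# A real token holds a randomly generated per-token secret.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the number of steps since the epoch."""
    return hotp(secret, unix_time // step)


class TokenVerifier:
    """Server side of a synchronous dynamic password token (constructed for this example).

    window: time steps of drift accepted on either side of the server clock.
    last_counter: highest time step already redeemed; codes for that step or any
    earlier one are refused, so a sniffed code cannot be replayed.
    """

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_counter = -1

    def verify(self, code: str, server_time: int) -> bool:
        now = server_time // STEP_SECONDS
        for counter in range(now - self.window, now + self.window + 1):
            if counter <= self.last_counter:
                continue  # already used, or older than the last accepted step
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False


def main():
    server = TokenVerifier(DEMO_SECRET)
    code = totp(DEMO_SECRET, 59)                       # token display at t=59s
    print("token shows", code)
    print("first use at t=59:  ", server.verify(code, 59))    # accepted
    print("replay at t=70:     ", server.verify(code, 70))    # refused, already redeemed
    drifted = totp(DEMO_SECRET, 89)                     # token clock one step ahead
    print("drifted code at t=95:", server.verify(drifted, 95))  # inside the window
    stale = totp(DEMO_SECRET, 10)                       # two steps old
    print("stale code at t=95:  ", server.verify(stale, 95))    # outside the window


if __name__ == "__main__":
    main()
```

The replay check is what makes the one-time property hold on the server, not just on the token: without `last_counter` a captured code would remain valid for the whole drift window.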


NEW QUESTION 21 
- (Topic 1) 
Which of the following is NOT a type of motion detector? 


A. Photoelectric sensor
B. Passive infrared sensors
C. Microwave sensor
D. Ultrasonic sensor


Answer: A 


Explanation: 

A photoelectric sensor does not "directly" sense motion; there is a narrow beam that won't set off the sensor unless the beam is broken. Photoelectric sensors, along with dry contact switches, are a type of perimeter intrusion detector.

All of the other answers are valid types of motion detectors.

The content below on the different types of sensors is from Wikipedia:

Indoor Sensors

These types of sensors are designed for indoor use. Outdoor use would not be advised due to false alarm vulnerability and weather durability.

Passive infrared detectors


[Figure: Passive Infrared Sensor]

The passive infrared detector (PIR) is one of the most common detectors found in household and small business environments because it offers affordable and 
reliable functionality. The term passive means the detector is able to function without the need to generate and radiate its own energy (unlike ultrasonic and 
microwave volumetric intrusion detectors that are "active" in operation). PIRs are able to distinguish if an infrared emitting object is present by first learning the
ambient temperature of the monitored space and then detecting a change in the temperature caused by the presence of an object. Using the principle of 
differentiation, which is a check of presence or nonpresence, PIRs verify if an intruder or object is actually there. Creating individual zones of detection where each 
zone comprises one or more layers can achieve differentiation. Between the zones there are areas of no sensitivity (dead zones) that are used by the sensor for 
comparison. 

Ultrasonic detectors 

Using frequencies between 15 kHz and 75 kHz, these active detectors transmit ultrasonic sound waves that are inaudible to humans. The Doppler shift principle is 
the underlying method of operation, in which a change in frequency is detected due to object motion. This is caused when a moving object changes the frequency 
of sound waves around it. Two conditions must occur to successfully detect a Doppler shift event: 

There must be motion of an object either towards or away from the receiver. 

The motion of the object must cause a change in the ultrasonic frequency to the receiver relative to the transmitting frequency. 

The ultrasonic detector operates by the transmitter emitting an ultrasonic signal into the area to be protected. The sound waves are reflected by solid objects (such 
as the surrounding floor, walls and ceiling) and then detected by the receiver. Because ultrasonic waves are transmitted through air, then hard-surfaced objects 
tend to reflect most of the ultrasonic energy, while soft surfaces tend to absorb most energy. 

When the surfaces are stationary, the frequency of the waves detected by the receiver will be equal to the transmitted frequency. However, a change in frequency 
will occur as a result of the Doppler principle, when a person or object is moving towards or away from the detector. Such an event initiates an alarm signal. This 
technology is considered obsolete by many alarm professionals, and is not actively installed. 

Microwave detectors 
This device emits microwaves from a transmitter and detects any reflected microwaves or reduction in beam intensity using a receiver. The transmitter and
receiver are usually combined inside a single housing (monostatic) for indoor applications, and separate housings (bistatic) for outdoor applications. To reduce 
false alarms this type of detector is usually combined with a passive infrared detector or "Dualtec" alarm. 

Microwave detectors respond to a Doppler shift in the frequency of the reflected energy, by a phase shift, or by a sudden reduction of the level of received energy. 
Any of these effects may indicate motion of an intruder. 

Photo-electric beams 

Photoelectric beam systems detect the presence of an intruder by transmitting visible or infrared light beams across an area, where these beams may be 
obstructed. To improve the detection surface area, the beams are often employed in stacks of two or more. However, if an intruder is aware of the technology's 
presence, it can be avoided. The technology can be an effective long-range detection system, if installed in stacks of three or more where the transmitters and 
receivers are staggered to create a fence-like barrier. Systems are available for both internal and external applications. To prevent a clandestine attack using a 
secondary light source being used to hold the detector in a 'sealed’ condition whilst an intruder passes through, most systems use and detect a modulated light 
source. 

Glass break detectors 

The glass break detector may be used for internal perimeter building protection. When glass breaks it generates sound in a wide band of frequencies. These can 
range from infrasonic, which is below 20 hertz (Hz) and cannot be heard by the human ear, through the audio band from 20 Hz to 20 kHz which humans can hear, 
right up to ultrasonic, which is above 20 kHz and again cannot be heard. Glass break acoustic detectors are mounted in close proximity to the glass panes and 
listen for sound frequencies associated with glass breaking. Seismic glass break detectors are different in that they are installed on the glass pane. When glass 
breaks it produces specific shock frequencies which travel through the glass and often through the window frame and the surrounding walls and ceiling. Typically, 
the most intense frequencies generated are between 3 and 5 kHz, depending on the type of glass and the presence of a plastic interlayer. Seismic glass break 
detectors "feel" these shock frequencies and in turn generate an alarm condition. 

The more primitive detection method involves gluing a thin strip of conducting foil on the inside of the glass and putting low-power electrical current through it. 
Breaking the glass is practically guaranteed to tear the foil and break the circuit. 

Smoke, heat, and carbon monoxide detectors 


Figure: Heat Detection System 

Most systems may also be equipped with smoke, heat, and/or carbon monoxide detectors. These are also known as 24-hour zones (which are on at all times). 
Smoke detectors and heat detectors protect from the risk of fire, and carbon monoxide detectors protect from the risk of carbon monoxide. Although an intruder 
alarm panel may also have these detectors connected, it may not meet all the local fire code requirements of a fire alarm system. 

Other types of volumetric sensors could be: 

Active Infrared 
Passive Infrared/Microwave combined 
Radar 
Acoustical Sensor/Audio 
Vibration Sensor (seismic) 
Air Turbulence 


NEW QUESTION 23 
- (Topic 1) 
Which of the following is NOT a system-sensing wireless proximity card? 


A. magnetically striped card 
B. passive device 

C. field-powered device 

D. transponder 


Answer: A 


Explanation: 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342. 


NEW QUESTION 24 
- (Topic 1) 
A network-based vulnerability assessment is a type of test also referred to as: 


A. An active vulnerability assessment. 

B. A routing vulnerability assessment. 

C. A host-based vulnerability assessment. 
D. A passive vulnerability assessment. 


Answer: A 


Explanation: 

A network-based vulnerability assessment tool/system either re-enacts system attacks, noting and recording responses to the attacks, or probes different targets 
to infer weaknesses from their responses. 

Since the assessment is actively attacking or scanning targeted systems, network-based vulnerability assessment systems are also called active vulnerability 
systems. 

There are two main types of test: 

PASSIVE: You don't send any packets or interact with the remote target. You make use of public databases and other techniques to gather information about your 
target. 

ACTIVE: You do send packets to your target; you attempt to stimulate responses which will help you in gathering information about hosts that are alive, services 
running, port states, and more. 
See examples below of both types of attacks: 

Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, 
message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to 
detect and stop them. 

Altering messages , modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually 
doing something instead of sitting back and gathering data. Passive attacks are usually used to gain information prior to carrying out an active attack. 
IMPORTANT NOTE: 

Commercial vendors will sometimes use different names for different types of scans. However, the exam is product agnostic: it uses general terms, not vendor 
terms. Experience could trick you into selecting the wrong choice sometimes. See feedback from Jason below: 

"I am a system security analyst. It is my daily duty to perform system vulnerability analysis. We use Nessus and Retina (among other tools) to perform our network-
based vulnerability scanning. Both commercially available tools refer to a network-based vulnerability scan as a "credentialed" scan. Without credentials, the scan 
tool cannot login to the system being scanned, and as such will only receive a port scan to see what ports are open and exploitable." 

Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 865). McGraw-Hill. Kindle Edition. 

and 

DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, March 2002 (page 97). 


NEW QUESTION 26 
- (Topic 1) 
Which one of the following authentication mechanisms creates a problem for mobile users? 


A. Mechanisms based on IP addresses 
B. Mechanism with reusable passwords 
C. one-time password mechanism. 
D. challenge response mechanism. 


Answer: A 


Explanation: 

Anything based on a fixed IP address would be a problem for mobile users because their location and its associated IP address can change from one time to the 
next. Many providers will assign a new IP address every time the device is restarted. For example, consider an insurance adjuster using a laptop to file claims 
online: he goes to a different client each time, and the address changes every time he connects to the ISP. 

NOTE FROM CLEMENT: 

The term MOBILE in this case is synonymous with Road Warriors, where a user is constantly traveling and changing location. With smartphones today that may not 
be an issue, but it would be an issue for laptops or WIFI tablets. Within a carrier network the IP will tend to be the same and would change rarely. So this question 
is more applicable to devices that are not cellular devices, but in some cases this issue could affect cellular devices as well. 

The following answers are incorrect: 

mechanism with reusable password. This is incorrect because a reusable password mechanism would not present a problem for mobile users. They are the least 
secure and change only at specific intervals. 

one-time password mechanism. This is incorrect because a one-time password mechanism would not present a problem for mobile users. Many are based on a 
clock and not on the IP address of the user. 

challenge response mechanism. This is incorrect because a challenge response mechanism would not present a problem for mobile users. 


NEW QUESTION 30 

- (Topic 1) 

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these 
types of controls is correct? 


A. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a 
review of vacation history, and also do not include increased supervision. 

B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols. 

C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols. 

D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation 
history, and increased supervision. 


Answer: C 


Explanation: 

Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, 
smart cards, access lists, and transmission protocols. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 35 
- (Topic 1) 
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? 


A. Using a TACACS+ server. 

B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. 
C. Setting modem ring count to at least 5. 

D. Only attaching modems to non-networked hosts. 


Answer: B 


Explanation: 

Containing the dial-up problem is conceptually easy: by installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the 
firewall, any access to internal resources through the RAS can be filtered as would any other connection coming from the Internet. 

The use of a TACACS+ Server by itself cannot eliminate hacking. 

Setting a modem ring count to 5 may help in defeating war-dialing hackers who look for modems by dialing long series of numbers. 

Attaching modems only to non-networked hosts is not practical and would not prevent these hosts from being hacked. 

Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers. 
NEW QUESTION 37 
- (Topic 1) 
What does the Clark-Wilson security model focus on? 


A. Confidentiality 
B. Integrity 

C. Accountability 
D. Availability 


Answer: B 


Explanation: 

The Clark-Wilson model addresses integrity. It incorporates mechanisms to enforce internal and external consistency, a separation of duty, and a mandatory 
integrity policy. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 40 
- (Topic 1) 
Organizations should consider which of the following first before allowing external access to their LANs via the Internet? 


A. plan for implementing workstation locking mechanisms. 

B. plan for protecting the modem pool. 

C. plan for providing the user with his account usage information. 
D. plan for considering proper authentication options. 


Answer: D 


Explanation: 

Before a LAN is connected to the Internet, you need to determine what access control mechanisms are to be used; this would include how you are going to 
authenticate individuals that may access your network externally. 

The following answers are incorrect: 

plan for implementing workstation locking mechanisms. This is incorrect because locking the workstations has no impact on the LAN or Internet access. 

plan for protecting the modem pool. This is incorrect because protecting the modem pool has no impact on the LAN or Internet access; it just protects the modem. 

plan for providing the user with his account usage information. This is incorrect because the question asks what should be done first. While important, your primary 
concern should be focused on security. 


NEW QUESTION 41 
- (Topic 1) 
Which of the following is most relevant to determining the maximum effective cost of access control? 


A. the value of information that is protected 

B. management's perceptions regarding data importance 

C. budget planning related to base versus incremental spending. 
D. the cost to replace lost data 


Answer: A 


Explanation: 
The cost of access control must be commensurate with the value of the information that is being protected. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49. 


NEW QUESTION 43 
- (Topic 1) 
Single Sign-on (SSO) is characterized by which of the following advantages? 


A. Convenience 

B. Convenience and centralized administration 

C. Convenience and centralized data administration 

D. Convenience and centralized network administration 


Answer: B 


Explanation: 

Convenience - using single sign-on, users have to type their passwords only once when they first log in to access all the network resources; and Centralized 
Administration - some single sign-on systems are built around a unified server administration system. This allows a single administrator to add and delete 
accounts across the entire network from one user interface. 

The following answers are incorrect: 

Convenience - alone this is not the correct answer. 

Centralized Data or Network Administration - these are thrown in to mislead the student. Neither is a benefit of SSO, as these specifically should not be allowed 
with just an SSO. 

References: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 35. 

TIPTON, Harold F. & HENRY, Kevin, Official (ISC)2 Guide to the CISSP CBK, 2007, page 180. 


NEW QUESTION 47 
- (Topic 1) 
Which of the following is used by RADIUS for communication between clients and servers? 
A. TCP 
B. SSL 
C. UDP 
D. SSH 


Answer: C 


Explanation: 
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 33. 


NEW QUESTION 49 
- (Topic 1) 
Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations? 


A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access 
to. 

B. The initial logon process is cumbersome to discourage potential intruders. 

C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications. 

D. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems 


Answer: A 


Explanation: 

Single Sign-On is a distributed access control methodology where an individual only has to authenticate once and would then have access to all primary and 
secondary network domains. The individual would not be required to re-authenticate when they needed additional resources. The security issue this creates is 
that if a fraudster is able to compromise those credentials, they too would have access to all the resources that account has access to. 

All the other answers are incorrect as they are distractors. 


NEW QUESTION 50 
- (Topic 1) 
Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity? 


A. Discretionary Access Control 
B. Mandatory Access Control 
C. Sensitive Access Control 

D. Role-based Access Control 


Answer: A 


Explanation: 

Data owners decide who has access to resources based only on the identity of the person accessing the resource. 

The following answers are incorrect: 

Mandatory Access Control: users and data owners do not have as much freedom to determine who can access files. The operating system makes the final 
decision and can override the users' wishes; access decisions are based on security labels. 

Sensitive Access Control: there is no such access control in the context of the above question. 

Role-based Access Control: uses a centrally administered set of controls to determine how subjects and objects interact; also called non-discretionary access 
control. 

In a mandatory access control (MAC) model, users and data owners do not have as much freedom to determine who can access files. The operating system 
makes the final decision and can override the users' wishes. This model is much more structured and strict and is based on a security label system. Users are 
given a security clearance (secret, top secret, confidential, and so on), and data is classified in the same way. The clearance and classification data is stored in the 
security labels, which are bound to the specific subjects and objects. When the system makes a decision about fulfilling a request to access an object, it is based 
on the clearance of the subject, the classification of the object, and the security policy of the system. The rules for how subjects access objects are made by the 
security officer, configured by the administrator, enforced by the operating system, and supported by security technologies. 

Reference: Shon Harris, AIO v3, Chapter 4: Access Control, pages 163-165 
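To make the distinction concrete, here is an added Python illustration (not from the cited reference or any exam source) of the two decision rules described above: a DAC check that consults an owner-maintained identity list, and a MAC check that compares the subject's clearance with the object's label and cannot be overridden by the owner. The subjects, objects, level names and function names are all constructed for the example.

```python
"""DAC versus MAC access decisions on constructed subjects and objects.

Added illustration; every subject, object, label and function name here is
constructed for the example and is not from the cited reference.
"""
from dataclasses import dataclass, field

# Ordered sensitivity labels; a higher number dominates a lower one.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str


@dataclass
class Resource:
    name: str
    owner: str
    classification: str
    acl: set = field(default_factory=set)  # identities granted by the owner


def dac_grant(actor: Subject, res: Resource, grantee: str) -> None:
    """DAC: only the resource owner may extend access, and only by identity."""
    if actor.name != res.owner:
        raise PermissionError(f"{actor.name} does not own {res.name}")
    res.acl.add(grantee)


def dac_allows(subject: Subject, res: Resource) -> bool:
    """DAC decision: the owner, or anyone the owner listed, based on identity alone."""
    return subject.name == res.owner or subject.name in res.acl


def mac_allows(subject: Subject, res: Resource) -> bool:
    """MAC read decision: the clearance must dominate the object's classification.

    The owner's wishes do not enter into it; the label comparison is fixed by
    policy and enforced by the system.
    """
    return LEVELS[subject.clearance] >= LEVELS[res.classification]


def mac_system_allows(subject: Subject, res: Resource) -> bool:
    """A MAC system layered over DAC: the label check can veto the owner's grant."""
    return mac_allows(subject, res) and dac_allows(subject, res)


def demo() -> dict:
    """Run the constructed scenario and return each decision by name."""
    alice = Subject("alice", "secret")
    bob = Subject("bob", "confidential")
    carol = Subject("carol", "top secret")
    report = Resource("q3-report", owner="alice", classification="secret")

    dac_grant(alice, report, "bob")  # owner's discretion: bob is now on the ACL
    return {
        "bob_dac": dac_allows(bob, report),            # True: the owner listed him
        "bob_mac": mac_system_allows(bob, report),     # False: confidential < secret
        "carol_dac": dac_allows(carol, report),        # False: not on the ACL
        "carol_mac_label": mac_allows(carol, report),  # True: top secret >= secret
    }


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision}: {'allow' if allowed else 'deny'}")
```

The point of the scenario is the `bob` case: under DAC the owner's grant is the whole decision, while under MAC the same grant is overridden because Bob's clearance does not dominate the label on the report.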


NEW QUESTION 52 
- (Topic 1) 
What is called a password that is the same for each log-on session? 


A. "one-time password" 
B. "two-time password" 
C. static password 

D. dynamic password 


Answer: C 


Explanation: 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 53 

- (Topic 1) 

Which of the following would constitute the best example of a password to use for access to a system by a network administrator? 
A. holiday 

B. Christmas12 

C. Jenny 

D. GyN19Za! 


Answer: D 
Explanation: 

GyN19Za! would be the best answer because it contains a mixture of upper and lower case characters, alphabetic and numeric characters, and a special 
character, making it less vulnerable to password attacks. 

All of the other answers are incorrect because they are vulnerable to brute force or dictionary attacks. Passwords should not be common words or names. The 
addition of a number to the end of a common word only marginally strengthens it because a common password attack would also check combinations of words 
and numbers: Christmas23, Christmas123, etc. 


NEW QUESTION 54 
- (Topic 1) 
Which of the following is not a physical control for physical security? 


A. lighting 
B. fences 
C. training 
D. facility construction materials 


Answer: C 


Explanation: 

Some physical controls include fences, lights, locks, and facility construction materials. Some administrative controls include facility selection and construction, 
facility management, personnel controls, training, and emergency response and procedures. 

From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 3rd. Ed., Chapter 6, page 403. 


NEW QUESTION 57 
- (Topic 1) 
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something: 


A. you need. 
B. non-trivial 
C. you are. 

D. you can get. 


Answer: C 


Explanation: 
This is more commonly known as biometrics and is one of the most accurate ways to authenticate an individual. 
The rest of the answers are incorrect because they are not one of the three recognized forms of authentication. 


NEW QUESTION 59 
- (Topic 1) 
The end result of implementing the principle of least privilege means which of the following? 


A. Users would get access to only the info for which they have a need to know 
B. Users can access all systems. 

C. Users get new privileges added when they change positions. 

D. Authorization creep. 


Answer: A 


Explanation: 

The principle of least privilege refers to allowing users to have only the access they need and not anything more. Thus, certain users may have no need to access 
any of the files on specific systems. 

The following answers are incorrect: 

Users can access all systems. Although the principle of least privilege limits what access and systems users have authorization to, not all users would have a need 
to know to access all of the systems. The best answer is still Users would get access to only the info for which they have a need to know as some of the users may 
not have a need to access a system. 

Users get new privileges when they change positions. Although it is true that a user may indeed require new privileges, this is not a given fact, and in actuality a user 
may require fewer privileges for a new position. The principle of least privilege would require that the rights required for the position be closely evaluated and, where 
possible, rights revoked. 

Authorization creep. Authorization creep occurs when users are given additional rights with new positions and responsibilities. The principle of least privilege 
should actually prevent authorization creep. 

The following reference(s) were/was used to create this question: ISC2 OIG 2007 p.101,123 

Shon Harris AIO v3 p148, 902-903 


NEW QUESTION 63 

- (Topic 1) 

Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment 
agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior 
awareness, and sign-up procedures to obtain access to information systems and networks? 


A. Preventive/Administrative Pairing 
B. Preventive/Technical Pairing 

C. Preventive/Physical Pairing 

D. Detective/Administrative Pairing 
Answer: A 


Explanation: 
The Answer: Preventive/Administrative Pairing: These mechanisms include organizational policies and procedures, pre-employment background checks, strict 
hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased 
supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 64 
- (Topic 1) 
Guards are appropriate whenever the function required by the security program involves which of the following? 


A. The use of discriminating judgment 

B. The use of physical force 

C. The operation of access control devices 
D. The need to detect unauthorized access 


Answer: A 


Explanation: 

The use of discriminating judgment: a guard can make determinations that hardware or other automated security devices cannot, thanks to the guard's 
ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment. Guards are better 
at making value decisions at times of incidents. They are appropriate whenever immediate, discriminating judgment is required by the security entity. 

The following answers are incorrect: 

The use of physical force: this is not the best answer. A guard provides discriminating judgment, and the ability to discern the need for physical force. 

The operation of access control devices: a guard is often uninvolved in the operation of an automated access control device such as a biometric reader, a smart 
lock, mantrap, etc. 

The need to detect unauthorized access: the primary function of a guard is not to detect unauthorized access, but to prevent unauthorized physical access 
attempts; guards may also deter social engineering attempts. 

The following reference(s) were/was used to create this question: 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: 
Physical security (page 339). 

Source: ISC2 Official Guide to the CBK, pages 288-289. 


NEW QUESTION 67 
- (Topic 1) 
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ? 


A. TCSEC 
B. ITSEC 

C. DIACAP 
D. NIACAP 


Answer: A 


Explanation: 

TCSEC: the TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. 

Initially issued by the National Computer Security Center (NCSC), an arm of the National Security Agency, in 1983 and then updated in 1985, TCSEC was replaced 
by the Common Criteria international standard, originally published in 2005. 

References: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 197-199. 

Wikipedia http://en.wikipedia.org/wiki/TCSEC 


NEW QUESTION 68 
- (Topic 1) 
In regard to information classification, what is the main responsibility of the information (data) owner? 


A. determining the data sensitivity or classification level 
B. running regular data backups 

C. audit the data users 

D. periodically check the validity and accuracy of the data 


Answer: A 


Explanation: 

Making the determination to decide what level of classification the information requires is the main responsibility of the data owner. 

The data owner within classification is a person from Management who has been entrusted with a data set that belongs to the company. It could be, for example, the 
Chief Financial Officer (CFO) who has been entrusted with all financial data, or it could be the Human Resource Director who has been entrusted with all Human 
Resource data. The information owner will decide what classification will be applied to the data based on Confidentiality, Integrity, Availability, Criticality, and 
Sensitivity of the data. 

The Custodian is the technical person who will implement the proper classification on objects in accordance with the Data Owner. The custodian DOES NOT 
decide what classification to apply; it is the Data Owner who dictates to the Custodian which classification to apply. 

NOTE: 

The term Data Owner is also used within Discretionary Access Control (DAC). Within DAC it means the person who has created an object. For example, if I create 
a file on my system then I am the owner of the file and I can decide who else could get access to the file. It is left to my discretion. Within DAC, access is granted 
based solely on the identity of the subject; this is why DAC is sometimes referred to as Identity Based Access Control. 

The other choices were not the best answers: 

Running regular backups is the responsibility of the custodian. Auditing the data users is the responsibility of the auditors. 

Periodically checking the validity and accuracy of the data is not one of the data owner's responsibilities. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 14, Chapter 1: 
Security Management Practices. 


NEW QUESTION 72 
- (Topic 1) 
In the context of biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the 
most accurate. Which of the following would be used to compare the accuracy of devices? 


A. the CER is used. 
B. the FRR is used 
C. the FAR is used 
D. the FER is used 


Answer: A 


Explanation: 

Equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from 
the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is the most 
accurate. 

In the context of Biometric Authentication almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If 
the system's sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher False Reject Rate (FRR). 
Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the 
CrossOver Error Rate (CER) is used. 

The following are used as performance metrics for biometric systems: 

False accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the 
database. It measures the percent of invalid inputs which are incorrectly accepted. On a similarity scale, if the person is really an impostor but the matching 
score is higher than the threshold, he is treated as genuine, which increases the FAR; performance therefore also depends on the selection of the threshold 
value. 

False reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template 
in the database. It measures the percent of valid inputs which are incorrectly rejected. 

Failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input are unsuccessful. This is most commonly caused by low quality 
inputs. 

Failure to capture rate (FTC): within automatic systems, the probability that the system fails to detect a biometric input when presented correctly. 

Template capacity: the maximum number of sets of data which can be stored in the system. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 

and 

Wikipedia at: https://en.wikipedia.org/wiki/Biometrics 
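As an added worked example (not from the exam guide or any cited source), the following Python sweeps a decision threshold over constructed genuine and impostor matcher scores, computes FAR and FRR at each point, and reports the crossover point where the two rates meet; it then ranks two constructed devices by that value, the lower CER being the more accurate, as the explanation states. It also shows the sensitivity trade-off described above: raising the threshold lowers FAR and raises FRR. The score lists, device names and function names are all constructed for the illustration.

```python
"""Biometric error-rate metrics on constructed matcher scores.

Added illustration; the genuine/impostor score lists below are constructed
for the example and do not come from any real device.
"""
from typing import Dict, Sequence, Tuple


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> Tuple[float, float]:
    """Return (FAR, FRR) at a given decision threshold.

    A similarity score >= threshold is accepted as a match.
    FAR: fraction of impostor attempts wrongly accepted.
    FRR: fraction of genuine attempts wrongly rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine: Sequence[float], impostor: Sequence[float],
                         steps: int = 100) -> Tuple[float, float]:
    """Sweep thresholds from 0 to 1 and return (threshold, CER).

    The CER (also called EER) is the point where FAR and FRR are closest to
    equal; ties resolve to the lowest threshold. It is reported as the mean of
    the two rates at that point, which equals both when they cross exactly.
    """
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(genuine, impostor, t)
        key = (abs(far - frr), t)
        if best is None or key < best[0]:
            best = (key, t, (far + frr) / 2)
    return best[1], best[2]


# Constructed sample scores: a matcher outputs a similarity in [0, 1] for each
# attempt. DEVICE_B separates genuine users from impostors better than DEVICE_A.
DEVICE_A = {
    "genuine": [0.92, 0.88, 0.81, 0.77, 0.70, 0.64, 0.58, 0.52, 0.47, 0.41],
    "impostor": [0.05, 0.12, 0.18, 0.23, 0.29, 0.34, 0.38, 0.44, 0.49, 0.55],
}
DEVICE_B = {
    "genuine": [0.95, 0.91, 0.88, 0.84, 0.80, 0.76, 0.72, 0.68, 0.63, 0.57],
    "impostor": [0.03, 0.09, 0.15, 0.20, 0.26, 0.31, 0.36, 0.42, 0.48, 0.60],
}


def most_accurate(devices: Dict[str, dict]) -> str:
    """Return the name of the device with the lowest crossover error rate."""
    return min(devices, key=lambda name: crossover_error_rate(**devices[name])[1])


if __name__ == "__main__":
    for name, dev in (("A", DEVICE_A), ("B", DEVICE_B)):
        for t in (0.3, 0.5, 0.7):  # sensitivity up -> FAR down, FRR up
            far, frr = error_rates(dev["genuine"], dev["impostor"], t)
            print(f"device {name} threshold {t:.2f}: FAR={far:.2f} FRR={frr:.2f}")
        print(f"device {name} CER at threshold %.2f = %.2f" % crossover_error_rate(**dev))
    print("most accurate:", most_accurate({"A": DEVICE_A, "B": DEVICE_B}))
```

Because the sweep reports the whole FAR/FRR pair at every threshold, the same routine can be used to read off any operating point on a device's ROC curve, not only the crossover.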


NEW QUESTION 73 
- (Topic 1) 
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? 


A. Preventive/Technical Pairing 

B. Preventive/Administrative Pairing 
C. Preventive/Physical Pairing 

D. Detective/Administrative Pairing 


Answer: B 


Explanation: 

Soft control is another way of referring to administrative control. 

Technical and physical controls are NOT soft controls, so any choice listing them was not the best answer. 

Preventative/Technical is incorrect because although access control can be a technical control, it is commonly not referred to as a "soft" control. 

Preventative/Administrative is correct because access controls are preventative in nature. It is always best to prevent a negative event; however, there are times 
where controls might fail and you cannot prevent everything. Administrative controls are roles, responsibilities, policies, etc., which are usually paper based. In the 
administrative category you would also find audit, monitoring, and security awareness. 

Preventative/Physical pairing is incorrect because access controls with an emphasis on "soft" mechanisms conflict with the basic concept of physical controls; 
physical controls are usually tangible objects such as fences, gates, door locks, sensors, etc. 

Detective/Administrative Pairing is incorrect because access control is a preventative control used to control access, not to detect violations of access. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 74 
- (Topic 1) 
What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time? 


A. Authentication 
B. Identification 
C. Integrity 

D. Confidentiality 


Answer: A 


Explanation: 
Authentication is verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 77 
- (Topic 1) 
Which of the following is not a security goal for remote access? 


A. Reliable authentication of users and systems 

B. Protection of confidential data 

C. Easy to manage access control to systems and network resources 
D. Automated login for remote users 


Passing Certification Exams Made Easy - visit https://www.2PassEasy.com 

Welcome to download the Newest 2passeasy SSCP dumps 

2passeasy https://www.2passeasy.com/dumps/SSCP/ (1074 New Questions) 


Answer: D 


Explanation: 

An automated login function for remote users would imply a weak authentication, thus certainly not a security goal. 

Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition, volume 2, 2001, CRC Press, Chapter 5: An Introduction 
to Secure Remote Access (page 100). 


NEW QUESTION 82 
- (Topic 1) 
Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier? 


A. Dynamic authentication 
B. Continuous authentication 
C. Encrypted authentication 
D. Robust authentication 


Answer: B 


Explanation: 

Continuous authentication is a type of authentication that provides protection against impostors who can see, alter, and insert information passed between the 
claimant and verifier even after the claimant/verifier authentication is complete. These are typically referred to as active attacks, since they assume that the 
impostor can actively influence the connection between claimant and verifier. One way to provide this form of authentication is to apply a digital signature algorithm 
to every bit of data that is sent from the claimant to the verifier. There are other combinations of cryptography that can provide this form of authentication, but 
current strategies rely on applying some type of cryptography to every bit of data sent. Otherwise, any unprotected bit would be suspect. Robust authentication 
relies on dynamic authentication data that changes with each authenticated session between a claimant and a verifier, but does not provide protection against 
active attacks. Encrypted authentication is a distracter. 

Source: GUTTMAN, Barbara & BAGWILL, Robert, NIST Special Publication 800-xx, Internet Security Policy: A Technical Guide, Draft Version, May 25, 2000 
(page 34). 


NEW QUESTION 83 

- (Topic 1) 

A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A 
database security mechanism that enforces this policy would typically be said to provide which of the following? 


A. Content-dependent access control 
B. Context-dependent access control 
C. Least privileges access control 

D. Ownership-based access control 


Answer: A 


Explanation: 

When access control is based on the content of an object, it is considered to be content dependent access control. 

Content-dependent access control is based on the content itself. The following answers are incorrect: 

Context-dependent access control is incorrect because this type of control is based on what the context is, i.e., facts about the request or the data rather than what 
the object contains. 

Least privileges access control is incorrect because this is based on the least amount of rights needed to perform a job and not on what is contained in the 
database. Ownership-based access control is incorrect because this is based on the owner of the data and not on what is contained in the database. 
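As an added illustration (not from the OIG CBK reference cited for this question), the following Python code contrasts the two leading choices: a content-dependent filter that decides from the department value stored in each row, and a context-dependent check that decides from facts about the request (here, time of day). The table, employee names and business-hours window are constructed for the example.

```python
import sqlite3
from datetime import datetime, time

# Constructed sample data: (employee, department, salary)
SALARIES = [
    ("alice", "engineering", 120000),
    ("bob", "engineering", 110000),
    ("carol", "sales", 90000),
    ("dave", "sales", 85000),
]


def open_db():
    """Build an in-memory salary table from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE salaries (employee TEXT, department TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO salaries VALUES (?, ?, ?)", SALARIES)
    return conn


def manager_salary_view(conn, manager_department):
    """Content-dependent control: the decision hinges on a value stored in the
    object itself (the row's department column), so a manager sees only the
    salaries of employees in his or her own department."""
    return conn.execute(
        "SELECT employee, salary FROM salaries WHERE department = ? "
        "ORDER BY employee",
        (manager_department,),
    ).fetchall()


# Assumed policy: salary data may be read only during business hours.
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def context_allows(request_time):
    """Context-dependent control: the decision depends on facts about the
    request (when it was made), not on what the row contains."""
    start, end = BUSINESS_HOURS
    return start <= request_time.time() < end


def read_salaries(conn, manager_department, request_time):
    """Combine both: the context gate runs first, then the content filter."""
    if not context_allows(request_time):
        return []
    return manager_salary_view(conn, manager_department)


if __name__ == "__main__":
    db = open_db()
    print(read_salaries(db, "engineering", datetime(2024, 1, 15, 10, 0)))
```

Note that the filter is applied by the database query rather than by the caller: that is what makes it a database security mechanism rather than something the manager could bypass by asking for more rows.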

References: 

OIG CBK Access Control (page 191) 


NEW QUESTION 86 
- (Topic 1) 
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on: 


A. sex of a person 

B. physical attributes of a person 
C. age of a person 

D. voice of a person 


Answer: B 
Explanation: 


Today, implementation of fast, accurate, reliable and user-acceptable biometric identification systems is already under way. 
From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Page 7. 


NEW QUESTION 91 
- (Topic 1) 
The Orange Book is founded upon which security policy model? 


A. The Biba Model 

B. The Bell LaPadula Model 
C. Clark-Wilson Model 

D. TEMPEST 

Answer: B 


Explanation: 
From the glossary of Computer Security Basics: 

The Bell-LaPadula model is the security policy model on which the Orange Book requirements are based. From the Orange Book definition, "A formal state 
transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into 
abstract sets of subjects and objects. The notion of secure state is defined and it is proven that each state transition preserves security by moving from secure 
state to secure state; thus, inductively proving the system is secure. A system state is defined to be 'secure' if the only permitted access modes of subjects to 
objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is 
compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode." 

The Biba Model is an integrity model of computer security policy that describes a set of rules. In this model, a subject may not depend on any object or other 
subject that is less trusted than itself. 

The Clark Wilson Model is an integrity model for computer security policy designed for a commercial environment. It addresses such concepts as nondiscretionary 
access control, privilege separation, and least privilege. TEMPEST is a government program that prevents the compromising electrical and electromagnetic signals 
that emanate from computers and related equipment from being intercepted and deciphered. 

Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991. 

Also: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD. December 1985 (also available here). 


NEW QUESTION 93 

- (Topic 1) 

Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the 
amount and impact of unintentional errors that are entering the system? 


A. Detective Controls 

B. Preventative Controls 
C. Corrective Controls 
D. Directive Controls 


Answer: B 


Explanation: 

In the Operations Security domain, Preventative Controls are designed to prevent unauthorized intruders from internally or externally accessing the system, and to 
lower the amount and impact of unintentional errors that are entering the system. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 217. 


NEW QUESTION 95 
- (Topic 1) 
Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building? 


A. Basement 
B. Ground floor 
C. Third floor 
D. Sixth floor 


Answer: C 


Explanation: 

Your data center should be located in the middle of the facility or the core of a building to provide protection from natural disasters or bombs and provide easier 
access to emergency crew members if necessary. By being at the core of the facility, the external wall acts as a secondary layer of protection as well. 
Information processing facilities should not be located on the top floors of buildings in case of a fire or flooding coming from the roof. Many crimes and thefts have 
also been conducted by simply cutting a large hole in the roof. 

They should not be in the basement because of flooding, where water has a natural tendency to flow down :-) Even a small amount of water would affect your 
operation, considering the quantity of electrical cabling sitting directly on the cement floor under your raised floor. 

The data center should not be located on the first floor due to the presence of the main entrance where people are coming in and out. You have a lot of high-traffic 
areas such as the elevators, the loading docks, cafeteria, coffee shop, etc. Really a bad location for a data center. 

So it was easy to come up with the answer by using the process of elimination, where the top, the bottom, and the basement are all bad choices. That left you with 
only one possible answer, which is the third floor. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 5th Edition, Page 425. 


NEW QUESTION 97 
- (Topic 1) 
A central authority determines what subjects can have access to certain objects based on the organizational security policy is called: 


A. Mandatory Access Control 

B. Discretionary Access Control 

C. Non-Discretionary Access Control 
D. Rule-based Access control 


Answer: C 


Explanation: 

A central authority determines what subjects can have access to certain objects based on the organizational security policy. 

The key focal point of this question is the 'central authority' that determines access rights. Cecilia, one of the quiz users, has sent me feedback informing me that 
NIST defines MAC as: 

"MAC Policy means that Access Control Policy Decisions are made by a CENTRAL AUTHORITY." 

This seems to indicate there could be two good answers to this question. 

However, if you read the NISTIR document mentioned in the references below, it is also mentioned that MAC is the most mentioned NDAC policy. So MAC is a 
form of NDAC policy. 

Within the same document it is also mentioned: "In general, all access control policies other than DAC are grouped in the category of non- discretionary access 
control (NDAC). As the name implies, policies in this category have rules that are not established at the discretion of the user. Non-discretionary policies establish 
controls that cannot be changed by users, but only through administrative action." 

Under NDAC you have two choices: 
Rule Based Access Control and Role Based Access Control 

MAC is implemented using RULES, which makes it fall under Rule Based Access Control, which is itself a form of NDAC. It is a subset of NDAC. 

This question is representative of what you can expect on the real exam, where you have more than one choice that seems to be right. However, you have to look 
closely at whether one of the choices is higher level or whether one of the choices falls under another. In this case NDAC is the better choice because MAC 
falls under NDAC through the use of Rule Based Access Control. 

The following are incorrect answers: MANDATORY ACCESS CONTROL 

In Mandatory Access Control the labels of the object and the clearance of the subject 

determines access rights, not a central authority. Although a central authority (Better known as the Data Owner) assigns the label to the object, the system does 
the determination of access rights automatically by comparing the Object label with the Subject clearance. The subject clearance MUST dominate (be equal or 
higher) than the object being accessed. 

The need for a MAC mechanism arises when the security policy of a system dictates that: 

1. Protection decisions must not be decided by the object owner. 

2. The system must enforce the protection decisions (i.e., the system enforces the security policy over the wishes or intentions of the object owner). 

Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC policy; for example, a user who is running a process at the 
Secret classification should not be allowed to read a file with a label of Top Secret. This is known as the "simple security rule," or "no read up." 

Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file with a label of Confidential. This rule is called the 
"*-property" (pronounced "star property") or "no write down." The *-property is required to maintain system security in an automated environment. 
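To make the two rules above concrete, here is an added Python example (not from the NISTIR or the other sources cited for this question) that implements the simple security rule and the *-property as a system-enforced decision over sensitivity labels. It assumes a label is one classification plus a compartment set, with a constructed four-level ordering; "dominates" captures the "equal or higher" requirement on the level and the superset requirement on the compartments, so a subject and object with disjoint compartments are incomparable and neither rule permits access.

```python
from dataclasses import dataclass, field

# Constructed linear ordering of classification levels (assumption for this example).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a single classification and a compartment set."""
    classification: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """True if this label is 'equal or higher' than the other: its level is
        at least as high AND its compartments include all of the other's."""
        return (
            LEVELS[self.classification] >= LEVELS[other.classification]
            and self.compartments >= other.compartments
        )


def may_read(subject, obj):
    """Simple security rule ("no read up"): the subject's clearance must
    dominate the object's label."""
    return subject.dominates(obj)


def may_write(subject, obj):
    """*-property ("no write down"): the object's label must dominate the
    subject's clearance, so information never flows to a lower label."""
    return obj.dominates(subject)


def decide(subject, obj, mode):
    """The system, not the object's owner, makes the decision: that is what
    makes this mandatory rather than discretionary."""
    if mode == "read":
        return may_read(subject, obj)
    if mode == "write":
        return may_write(subject, obj)
    raise ValueError("unknown access mode: %r" % mode)


if __name__ == "__main__":
    secret = Label("Secret")
    print(decide(secret, Label("Top Secret"), "read"))    # no read up
    print(decide(secret, Label("Confidential"), "write")) # no write down
```

The compartment check is what distinguishes "dominates" from a plain level comparison: a Secret clearance for compartment NUCLEAR does not dominate a Secret object in compartment CRYPTO, so neither reading nor writing it is allowed.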

DISCRETIONARY ACCESS CONTROL 

In Discretionary Access Control the rights are determined by many different entities, namely each of the persons who have created files and are therefore the owners of 
those files, not by one central authority. 

DAC leaves a certain amount of access control to the discretion of the object's owner or anyone else who is authorized to control the object's access. For example, 
it is generally used to limit a user's access to a file; it is the owner of the file who controls other users' accesses to the file. Only those users specified by the owner 
may have some combination of read, write, execute, and other permissions to the file. 

DAC policy tends to be very flexible and is widely used in the commercial and government sectors. However, DAC is known to be inherently weak for two reasons: 
First, granting read access is transitive; for example, when Ann grants Bob read access to a file, nothing stops Bob from copying the contents of Ann's file to an 
object that Bob controls. Bob may now grant any other user access to the copy of Ann's file without Ann's knowledge. 

Second, DAC policy is vulnerable to Trojan horse attacks. Because programs inherit the identity of the invoking user, Bob may, for example, write a program for 
Ann that, on the surface, performs some useful function, while at the same time destroys the contents of Ann's files. When investigating the problem, the audit 
files would indicate that Ann destroyed her own files. Thus, formally, the drawbacks of DAC are as follows: 

Discretionary Access Control (DAC) Information can be copied from one object to another; therefore, there is no real assurance on the flow of information in a 
system. 

No restrictions apply to the usage of information when the user has received it. 

The privileges for accessing objects are decided by the owner of the object, rather than through a system-wide policy that reflects the organization's security 
requirements. 

ACLs and owner/group/other access control mechanisms are by far the most common mechanism for implementing DAC policies. Other mechanisms, even 
though not designed with DAC in mind, may have the capabilities to implement a DAC policy. 

RULE BASED ACCESS CONTROL 

In Rule-based Access Control a central authority could in fact determine what subjects can have access when assigning the rules for access. However, the rules 
actually determine the access and so this is not the most correct answer. 

RuBAC (as opposed to RBAC, role-based access control) allows users to access systems and information based on predetermined and configured rules. It is 
important to note that there is no commonly understood definition or formally defined standard for rule-based access control as there is for DAC, MAC, and RBAC. 
"Rule-based access" is a generic term applied to systems that allow some form of organization-defined rules, and therefore rule-based access control 
encompasses a broad range of systems. RuBAC may in fact be combined with other models, particularly RBAC or DAC. 

A RuBAC system intercepts every access request and compares the rules with the rights of the user to make an access decision. Most rule-based access control 
relies on a security label system, which dynamically composes a set of rules defined by a security policy. Security labels are attached to all objects, including files, 
directories, and devices. Sometimes roles are assigned to subjects (based on their attributes) as well. 

RuBAC meets the business needs as well as the technical needs of controlling service access. It allows business rules to be applied to access control: for example, 
customers who have overdue balances may be denied service access. As a mechanism for MAC, the rules of RuBAC cannot be changed by users. The rules can 
be established by any attributes of a system related to the users, such as domain, host, protocol, network, or IP addresses. For example, suppose that a user wants 
to access an object in another network on the other side of a router. The router employs RuBAC with a rule composed of the network addresses, domain, and 
protocol to decide whether or not the user can be granted access. 

If employees change their roles within the organization, their existing authentication credentials remain in effect and do not need to be reconfigured. Using rules in 
conjunction with roles adds greater flexibility because rules can be applied to people as well as to devices. Rule-based access control can be combined with 
role-based access control, such that the role of a user is one of the attributes in rule setting. Some access control systems provide rule-based policy engines in 
addition to a role-based policy engine and certain implemented dynamic policies [Des03]. For example, suppose that two of the primary types of software users 
are product engineers and quality engineers. Both groups usually have access to the same data, but they have different roles to perform in relation to the data and 
the application's function. In addition, individuals within each group have different job responsibilities that may be identified using several types of attributes such 
as developing programs and testing areas. Thus, the access decisions can be made in real time by a scripted policy that regulates the access between the groups 
of product engineers and quality engineers, and each individual within these groups. Rules can either replace or complement role-based access control. However, 
the creation of rules and security policies is also a complex process, so each organization will need to strike the appropriate balance. 

References used for this question: http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf and 

AIO v3 p162-167 and OIG (2007) p.186-191 

also 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 100 
- (Topic 1) 
In addition to the accuracy of the biometric systems, there are other factors that must also be considered: 


A. These factors include the enrollment time and the throughput rate, but not acceptability. 

B. These factors do not include the enrollment time, the throughput rate, and acceptability. 

C. These factors include the enrollment time, the throughput rate, and acceptability. 

D. These factors include the enrollment time, but not the throughput rate, neither the acceptability. 


Answer: C 


Explanation: 

In addition to the accuracy of the biometric systems, there are other factors that must also be considered. 

These factors include the enrollment time, the throughput rate, and acceptability. Enrollment time is the time it takes to initially "register" with a system by providing 
samples of the biometric characteristic to be evaluated. An acceptable enrollment time is around two minutes. 

For example, in fingerprint systems, the actual fingerprint is stored and requires approximately 250kb per finger for a high quality image. This level of information is 
required for one-to-many searches in forensics applications on very large databases. 

In finger-scan technology, a full fingerprint is not stored-the features extracted from this fingerprint are stored using a small template that requires approximately 
500 to 1000 bytes of storage. The original fingerprint cannot be reconstructed from this template. 

Updates of the enrollment information may be required because some biometric characteristics, such as voice and signature, may change with time. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37 & 
38. 


NEW QUESTION 105 
- (Topic 1) 
In biometrics, a "one-to-many" search against a database of stored biometric images is done in: 


A. Authentication 

B. Identification 

C. Identities 

D. Identity-based access control 


Answer: B 


Explanation: 
In biometrics, identification is a "one-to-many" search of an individual's characteristics from a database of stored images. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38. 


NEW QUESTION 109 
- (Topic 1) 
Who developed one of the first mathematical models of a multilevel-security computer system? 


A. Diffie and Hellman. 
B. Clark and Wilson. 

C. Bell and LaPadula. 
D. Gasser and Lipner. 


Answer: C 


Explanation: 

In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system. 

The following answers are incorrect: 

Diffie and Hellman. This is incorrect because Diffie and Hellman were involved with cryptography. 

Clark and Wilson. This is incorrect because the Bell-LaPadula model was the first model. The Clark-Wilson model came later, in 1987. 
Gasser and Lipner. This is incorrect; it is a distractor. The Bell-LaPadula model was the first model. 


NEW QUESTION 111 

- (Topic 1) 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such 
as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating: 


A. Lower False Rejection Rate (FRR) 
B. Higher False Rejection Rate (FRR) 
C. Higher False Acceptance Rate (FAR) 
D. It will not affect either FAR or FRR 


Answer: B 


Explanation: 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such 
as in a biometric authentication system, the system becomes increasingly selective and has a higher False Rejection Rate (FRR). 

Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the Cross 
Over Error Rate (CER) is used. The Crossover Error Rate (CER) is the point at which the false rejection rates and the false acceptance rates are equal. The lower 
the value of the CER, the more accurate the system. 

There are three categories of biometric accuracy measurement (all represented as percentages): 

False Reject Rate (a Type I Error): When authorized users are falsely rejected as unidentified or unverified. 

False Accept Rate (a Type II Error): When unauthorized persons or imposters are falsely accepted as authentic. 

Crossover Error Rate (CER): The point at which the false rejection rates and the false acceptance rates are equal. The smaller the value of the CER, the more 
accurate the system. 

NOTE: 

Within the ISC2 book they make use of the terms Accept or Acceptance and also Reject or Rejection when referring to the types of errors within biometrics. Below 
we make use of Acceptance and Rejection throughout the text for consistency. However, on the real exam you could see either of the terms. 

Performance of biometrics 

Different metrics can be used to rate the performance of a biometric factor, solution or application. The most common performance metrics are the False 
Acceptance Rate FAR and the False Rejection Rate FRR. 

When using a biometric application for the first time the user needs to enroll in the system. The system requests fingerprints, a voice recording or another biometric 
factor from the operator; this input is registered in the database as a template which is linked internally to a user ID. The next time the user wants to authenticate 
or identify himself, the biometric input provided by the user is compared to the template(s) in the database by a matching algorithm which responds with 
acceptance (match) or rejection (no match). 

FAR and FRR 

The FAR or False Acceptance rate is the probability that the system incorrectly authorizes a non-authorized person, due to incorrectly matching the biometric input 
with a valid template. The FAR is normally expressed as a percentage, following the FAR definition this is the percentage of invalid inputs which are incorrectly 
accepted. 

The FRR or False Rejection Rate is the probability that the system incorrectly rejects access to an authorized person, due to failing to match the biometric input 
provided by the user with a stored template. The FRR is normally expressed as a percentage, following the FRR definition this is the percentage of valid inputs 
which are incorrectly rejected. 

FAR and FRR are very much dependent on the biometric factor that is used and on the technical implementation of the biometric solution. Furthermore the FRR is 
strongly person dependent, a personal FRR can be determined for each individual. 

Take this into account when determining the FRR of a biometric solution: one person is insufficient to establish an overall FRR for a solution. Also, FRR might 
increase due to environmental conditions or incorrect use, for example when using dirty fingers on a fingerprint reader. Usually the FRR decreases when a user 
gains more experience in how to use the biometric device or software. 

FAR and FRR are key metrics for biometric solutions; some biometric devices or software even allow them to be tuned so that the system more readily matches or 
rejects. Both FRR and FAR are important, but for most applications one of them is considered most important. Two examples to illustrate this: 

When biometrics are used for logical or physical access control, the objective of the application is to disallow access to unauthorized individuals under all 
circumstances. It is clear that a very low FAR is needed for such an application, even if it comes at the price of a higher FRR. 

When surveillance cameras are used to screen a crowd of people for missing children, the objective of the application is to identify any missing children that come 
up on the screen. When the identification of those children is automated using a face recognition software, this software has to be set up with a low FRR. As such 
a higher number of matches will be false positives, but these can be reviewed quickly by surveillance personnel. 

False Acceptance Rate is also called False Match Rate, and False Rejection Rate is sometimes referred to as False Non-Match Rate. 

[Figure: FAR and FRR plotted against sensitivity (the matching threshold, on the X axis), with the crossover error rate (CER) marked where the two curves meet.] 

The Crossover Error Rate or CER is illustrated on the graph above. It is the rate where both FAR and FRR are equal. 

The matching algorithm in a biometric software or device uses a (configurable) threshold which determines how close to a template the input must be for it to be 
considered a match. This threshold value is in some cases referred to as sensitivity; it is marked on the X axis of the plot. When you reduce this threshold there will 
be more false acceptance errors (higher FAR) and fewer false rejection errors (lower FRR); a higher threshold will lead to lower FAR and higher FRR. 
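The threshold trade-off described above, as an added Python example that is not part of the original text or its references: constructed genuine (same person) and impostor match scores are swept across every candidate threshold to compute FAR and FRR at each setting and to locate the crossover point, the CER (also called EER). The score lists and the "accept if score is at or above the threshold" convention are assumptions of this example, not data from the cited sources.

```python
# Constructed match scores in [0, 1]; higher means the input is closer to the template.
GENUINE = [0.92, 0.88, 0.85, 0.81, 0.79, 0.75, 0.70, 0.66, 0.60, 0.55]   # authorized users
IMPOSTOR = [0.62, 0.58, 0.52, 0.49, 0.45, 0.41, 0.38, 0.33, 0.29, 0.21]  # non-authorized


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: fraction of impostor attempts accepted at this threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: fraction of genuine attempts rejected at this threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine=GENUINE, impostor=IMPOSTOR):
    """FAR and FRR at every observed score, i.e. at every point where either rate can change.
    Returns a list of (threshold, FAR, FRR) sorted by threshold."""
    return [(t, far(t, impostor), frr(t, genuine)) for t in sorted(set(genuine + impostor))]


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Locate the CER/EER: the threshold whose FAR and FRR are closest to equal.
    Returns (threshold, cer) where cer is the mean of FAR and FRR at that threshold."""
    best = None
    for t, a, r in sweep(genuine, impostor):
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, t, a, r)
    _, t, a, r = best
    return t, (a + r) / 2


if __name__ == "__main__":
    for t, a, r in sweep():
        print("threshold=%.2f  FAR=%.1f  FRR=%.1f" % (t, a, r))
    print("crossover:", crossover())
```

Running the sweep shows the shape of the graph above: at a low threshold of 0.40 the constructed data gives FAR 0.6 and FRR 0.0, at a high threshold of 0.80 it gives FAR 0.0 and FRR 0.6, and the two rates meet (both 0.1) at 0.60, which is the CER for this data. An access-control deployment would sit to the right of that point (lower FAR), a missing-children screening application to the left (lower FRR).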

Speed 

Most manufacturers of biometric devices and software can give clear numbers on the time it takes to enroll as well as on the time for an individual to be 
authenticated or identified using their application. If speed is important then take your time to consider this: 5 seconds might seem a short time on paper or when 
testing a device, but if hundreds of people will use the device multiple times a day the cumulative loss of time might be significant. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2723-2731). Auerbach Publications. 
Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 

and 

http://www.biometric-solutions.com/index.php?story=performance_biometrics 


NEW QUESTION 112 
- (Topic 1) 
What are the components of an object's sensitivity label? 


A. A Classification Set and a single Compartment. 
B. A single classification and a single compartment. 
C. A Classification Set and user credentials. 

D. A single classification and a Compartment Set. 


Answer: D 


Explanation: 

Both are the components of a sensitivity label. The following are incorrect: 

A Classification Set and a single Compartment. Is incorrect because the nomenclature "Classification Set" is incorrect; there is only one classification, and it is not a 
"single compartment" but a Compartment Set. 

A single classification and a single compartment. Is incorrect because while there is only one classification, it is not a "single compartment" but a Compartment Set. 
A Classification Set and user credentials. Is incorrect because the nomenclature "Classification Set" is incorrect; there is only one classification, and it is not "user 
credentials" but a Compartment Set. The user would have their own sensitivity label. 


NEW QUESTION 113 
- (Topic 1) 
Which of the following is the WEAKEST authentication mechanism? 


A. Passphrases 

B. Passwords 

C. One-time passwords 
D. Token devices 


Answer: B 


Explanation: 
Most of the time users choose passwords which can be guessed, hence passwords is the BEST answer out of the choices listed above. 
The following answers are incorrect because : 

Passphrases is incorrect as a passphrase is more secure than a password because it is longer. 

One-time passwords is incorrect as, as the name states, it is good for only one use and cannot be reused. 

Token devices is incorrect as this is also a password generator and is a one-time password mechanism. 

Reference: Shon Harris AIO v3, Chapter 4: Access Control, Pages 139, 142. 


NEW QUESTION 118 
- (Topic 1) 
Which of the following is true about Kerberos? 


A. It utilizes public key cryptography. 

B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. 
C. It depends upon symmetric ciphers. 

D. It is a second party authentication system. 


Answer: C 


Explanation: 

Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication protocol. It was designed and developed in the mid-1980s by MIT. 
It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys. 

The following answers are incorrect: 

It utilizes public key cryptography. Is incorrect because Kerberos depends on secret keys 

(symmetric ciphers). 

It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Is incorrect because the passwords are not exchanged but used for encryption 
and decryption of the keys. 

It is a second party authentication system. Is incorrect because Kerberos is a third party authentication system, you authenticate to the third party (Kerberos) and 
not the system you are accessing. 

References: 

MIT http://web.mit.edu/kerberos/ 

Wikipedia http://en.wikipedia.org/wiki/Kerberos_%28protocol%29 

OIG CBK Access Control (pages 181 - 184) AIO v3 Access Control (pages 151 - 155) 


NEW QUESTION 122 
- (Topic 1) 
What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate? 


A. False Rejection Rate (FRR) or Type I Error 

B. False Acceptance Rate (FAR) or Type II Error 
C. Crossover Error Rate (CER) 

D. Failure to enroll rate (FTE or FER) 


Answer: C 


Explanation: 

The percentage at which the False Rejection Rate equals the False Acceptance Rate is called the Crossover Error Rate (CER). Another name for the CER is the 
Equal Error Rate (EER), any of the two terms could be used. 

Equal error rate or crossover error rate (EER or CER) 

It is the rate at which both accept and reject errors are equal. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, 
the device with the lowest EER is most accurate. 

The other choices were all wrong answers: 

The following are used as performance metrics for biometric systems: 

False accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. This is when an impostor would be accepted by the system. 

False reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected. This is when a valid company employee would be rejected by the system. 

Failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input are unsuccessful. This is most commonly caused by low quality inputs. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38. 

and https://en.wikipedia.org/wiki/Biometrics 


NEW QUESTION 125 
- (Topic 1) 
In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because: 


A. people need not use discretion 
B. the access controls are based on the individual's role or title within the organization. 
C. the access controls are not based on the individual's role or title within the organization 
D. the access controls are often based on the individual's role or title within the organization 


Answer: B 


Explanation: 

In an organization where there are frequent personnel changes, non-discretionary access control (also called Role Based Access Control) is useful because the access controls are based on the individual's role or title within the organization. You can easily configure a new employee's access by assigning the user to a role that has been predefined. The user will implicitly inherit the permissions of the role by being a member of that role. 

These access permissions defined within the role do not need to be changed whenever a new person takes over the role. 
Another type of non-discretionary access control model is Rule Based Access Control (RBAC or RuBAC), where a global set of rules is uniformly applied to all subjects accessing the resources. A good example of RuBAC would be a firewall. 

This question is a sneaky one: one of the choices differs by only one added word, "often". Reading questions and their choices very carefully is a must for the real exam. Reading them twice if needed is recommended. 

Shon Harris in her book lists the following ways of managing RBAC: 

Non-RBAC: Users are mapped directly to applications and no roles are used. (No roles being used) 

Limited RBAC: Users are mapped to multiple roles and mapped directly to other types of applications that do not have role-based access functionality. (A mix of roles for applications that support roles and explicit access control for applications that do not support roles) 

Hybrid RBAC: Users are mapped to multiapplication roles with only selected rights assigned to those roles. 

Full RBAC: Users are mapped to enterprise roles. (Roles are used for all access being granted) 

NIST defines RBAC as: 

Security administration can be costly and prone to error because administrators usually specify access control lists for each user on the system individually. With RBAC, security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role. Security administration with RBAC consists of determining the operations that must be executed by persons in particular jobs, and assigning employees to the proper roles. Complexities introduced by mutually exclusive roles or role hierarchies are handled by the RBAC software, making security administration easier. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32. 

and 

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition, McGraw-Hill. 

and 

http://csrc.nist.gov/groups/SNS/rbac/ 


NEW QUESTION 127 
- (Topic 1) 
What does the (star) integrity axiom mean in the Biba model? 


A. No read up 
B. No write down 
C. No read down 
D. No write up 


Answer: D 


Explanation: 

The (star) integrity axiom of the Biba access control model states that an object at one level of integrity is not permitted to modify an object of a higher level of 
integrity (no write up). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 130 
- (Topic 1) 
What is called a sequence of characters that is usually longer than the allotted number for a password? 


A. passphrase 
B. cognitive phrase 
C. anticipated phrase 
D. Real phrase 


Answer: A 


Explanation: 
A passphrase is a sequence of characters that is usually longer than the allotted number for a password. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 37. 


NEW QUESTION 134 
- (Topic 1) 
Which access control model was proposed for enforcing access control in government and military applications? 


A. Bell-LaPadula model 
B. Biba model 
C. Sutherland model 
D. Brewer-Nash model 


Answer: A 


Explanation: 

The Bell-LaPadula model, mostly concerned with confidentiality, was proposed for enforcing access control in government and military applications. It supports 
mandatory access control by determining the access rights from the security levels associated with subjects and objects. It also supports discretionary access 
control by checking access rights from an access matrix. The Biba model, introduced in 1977, the Sutherland model, published in 1986, and the Brewer-Nash 
model, published in 1989, are concerned with integrity. 

Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 11). 


NEW QUESTION 139 
- (Topic 1) 
This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario? 


A. Excessive Rights 
B. Excessive Access 
C. Excessive Permissions 
D. Excessive Privileges 


Answer: D 


Explanation: 

Even though all 4 terms are very close to each other, the best choice is Excessive Privileges, which would include the other three choices presented. 

Reference(s) used for this question: 

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 645. 

and 


NEW QUESTION 142 
- (Topic 1) 
What does the simple integrity axiom mean in the Biba model? 


A. No write down 
B. No read down 
C. No read up 
D. No write up 


Answer: B 


Explanation: 

The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity 
(no read down). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 145 
- (Topic 1) 
Which of the following is NOT a compensating measure for access violations? 


A. Backups 
B. Business continuity planning 
C. Insurance 
D. Security awareness 


Answer: D 


Explanation: 

Security awareness is a preventive measure, not a compensating measure for access violations. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 50). 


NEW QUESTION 146 
- (Topic 1) 
Which of the following is the FIRST step in protecting data's confidentiality? 


A. Install a firewall 
B. Implement encryption 
C. Identify which information is sensitive 
D. Review all user access rights 


Answer: C 


Explanation: 

You must first identify which information is sensitive in order to protect the confidentiality of the data. The following answers are incorrect because: 

Install a firewall is incorrect as this would come after the information has been identified for sensitivity levels. 
Implement encryption is also incorrect as this is one of the mechanisms to protect the data once it has been identified. 
Review all user access rights is also incorrect as this is also a protection mechanism for the identified information. 

Reference: Shon Harris, AIO v3, Chapter 4: Access Control, Page 126 


NEW QUESTION 150 
- (Topic 1) 
What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics? 


A. Biometrics 
B. Micrometrics 
C. Macrometrics 
D. MicroBiometrics 


Answer: A 


Explanation: 

Biometrics is defined as an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 37-38. 


NEW QUESTION 155 
- (Topic 1) 
Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, 
challenge-response, and arbitrary dialog sequences? 


A. Extensible Authentication Protocol 
B. Challenge Handshake Authentication Protocol 
C. Remote Authentication Dial-In User Service 
D. Multilevel Authentication Protocol. 


Answer: A 


Explanation: 

RFC 2828 (Internet Security Glossary) defines the Extensible Authentication Protocol as a framework that supports multiple, optional authentication mechanisms 
for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. It is intended for use primarily by a host or router that connects to a 
PPP network server via switched circuits or dial-up lines. The Remote Authentication Dial-In User Service (RADIUS) is defined as an Internet protocol for carrying 
dial-in user's authentication information and configuration information between a shared, centralized authentication server and a network access server that needs 
to authenticate the users of its network access ports. The other option is a distracter. 

Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000. 


NEW QUESTION 158 
- (Topic 1) 
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with: 


A. Preventive/physical 
B. Detective/technical 
C. Detective/physical 
D. Detective/administrative 


Answer: C 


Explanation: 
Detective/physical controls usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 163 
- (Topic 1) 
What is one disadvantage of content-dependent protection of information? 


A. It increases processing overhead. 
B. It requires additional password entry. 
C. It exposes the system to data locking. 
D. It limits the user's individual address space. 


Answer: A 


Explanation: 
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 


NEW QUESTION 164 
- (Topic 1) 
When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? 


A. Type I error 
B. Type II error 
C. Type III error 
D. Crossover error 


Answer: B 


Explanation: 

When the biometric system accepts impostors who should have been rejected, it is called a Type II error or False Acceptance Rate or False Accept Rate. 
Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification. 

Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of identity verification processes. A biometric system can make authentication decisions based on an individual's behavior, as in signature dynamics, but these can change over time and possibly be forged. Biometric systems that base authentication decisions on physical attributes (iris, retina, fingerprint) provide more accuracy, because physical attributes typically don't change much, absent some disfiguring injury, and are harder to impersonate. 

When a biometric system rejects an authorized individual, it is called a Type I error (False Rejection Rate (FRR) or False Reject Rate (FRR)). 

When the system accepts impostors who should be rejected, it is called a Type II error (False Acceptance Rate (FAR) or False Accept Rate (FAR)). Type II errors 
are the most dangerous and thus the most important to avoid. 

The goal is to obtain low numbers for each type of error. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the crossover error rate (CER). 

The accuracy of any biometric method is measured in terms of Failed Acceptance Rate (FAR) and Failed Rejection Rate (FRR). Both are expressed as 
percentages. The FAR is the rate at which attempts by unauthorized users are incorrectly accepted as valid. The FRR is just the opposite. It measures the rate at 
which authorized users are denied access. 

The relationship between FRR (Type I) and FAR (Type II) is depicted in the graphic below. As one rate increases, the other decreases. The Cross-over Error Rate (CER) is sometimes considered a good indicator of the overall accuracy of a biometric system. This is the point at which the FRR and the FAR have the same value. Solutions with a lower CER are typically more accurate. 

See graphic below from Biometria showing this relationship. The Cross-over Error Rate (CER) is also called the Equal Error Rate (EER); the two are synonymous. 


[Figure: Cross Over Error Rate (Biometria). Vertical axis: percentage of false rejects (FRR) and false accepts (FAR); horizontal axis: threshold. The FAR and FRR curves cross at the EER.] 
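As an added worked example (not from the Biometria graphic or the CISSP guides cited here), the following Python computes FAR and FRR across decision thresholds for two hypothetical devices, locates the crossover point (CER/EER) where the two curves meet, and ranks the devices by it. The match scores are constructed for illustration; the device names and score scale are assumptions.

```python
"""FAR, FRR and the crossover (equal) error rate of a biometric matcher.

Added example built from constructed match scores; it is not code from
the CISSP guides or the Biometria page cited in this answer.
"""
from typing import Dict, List, Sequence, Tuple

# Constructed similarity scores in the range 0..1 (assumed scale).
# "genuine"  = enrolled user's sample compared with that user's own template
# "impostor" = someone else's sample compared with that same template
GENUINE_A = [0.95, 0.90, 0.88, 0.85, 0.80, 0.75, 0.70, 0.60, 0.55, 0.40]
IMPOSTOR_A = [0.65, 0.60, 0.50, 0.45, 0.40, 0.35, 0.30, 0.25, 0.20, 0.10]
# A second, less discriminating device (constructed) for comparison.
GENUINE_B = [0.90, 0.80, 0.70, 0.60, 0.50, 0.45, 0.40, 0.35, 0.30, 0.20]
IMPOSTOR_B = [0.75, 0.65, 0.55, 0.50, 0.45, 0.40, 0.30, 0.25, 0.15, 0.05]

ScorePair = Tuple[Sequence[float], Sequence[float]]


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> Tuple[float, float]:
    """FAR and FRR at one decision threshold (accept iff score >= threshold).

    FAR (Type II): fraction of impostor attempts wrongly accepted.
    FRR (Type I):  fraction of genuine attempts wrongly rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def roc_table(genuine: Sequence[float],
              impostor: Sequence[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for every candidate threshold.

    Every observed score is a candidate: the rates only change when the
    threshold passes a score, so this sweep covers the whole ROC curve.
    """
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def equal_error_rate(genuine: Sequence[float],
                     impostor: Sequence[float]) -> Dict[str, float]:
    """Locate the crossover point: the threshold where |FAR - FRR| is smallest.

    With a finite sample the two curves may not meet exactly, so the EER is
    reported as the mean of FAR and FRR at the closest point. Raising the
    threshold lowers FAR and raises FRR, exactly as the graphic above shows.
    """
    t, far, frr = min(roc_table(genuine, impostor),
                      key=lambda row: abs(row[1] - row[2]))
    return {"threshold": t, "far": far, "frr": frr, "eer": (far + frr) / 2}


def rank_by_eer(devices: Dict[str, ScorePair]) -> List[str]:
    """Order devices from most to least accurate (lowest EER first)."""
    return sorted(devices, key=lambda name: equal_error_rate(*devices[name])["eer"])


if __name__ == "__main__":
    devices = {"device_a": (GENUINE_A, IMPOSTOR_A),
               "device_b": (GENUINE_B, IMPOSTOR_B)}
    for name, (gen, imp) in devices.items():
        for t, far, frr in roc_table(gen, imp):
            print(f"{name} threshold={t:.2f} FAR={far:.2f} FRR={frr:.2f}")
        print(name, equal_error_rate(gen, imp))
    print("most accurate first:", rank_by_eer(devices))
```

For device_a the curves meet exactly at threshold 0.60 (FAR = FRR = 0.20); device_b never reaches equality on this sample and its EER is approximated from the closest point, which is why the mean of the two rates is reported.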

The other answers are incorrect: 

Type I error is also called the False Rejection Rate, where a valid user is rejected by the system. 

Type III error: there is no such error type in biometric systems. 

Crossover error rate, stated as a percentage, represents the point at which the false rejection rate equals the false acceptance rate. 

Reference(s) used for this question: http://www.biometria.sk/en/principles-of-biometrics.html 

and 

Shon Harris, CISSP All In One (AIO), 6th Edition, Chapter 3, Access Control, Pages 188-189 

and 

Tech Republic, Reduce Multi_Factor Authentication Cost 


NEW QUESTION 168 
- (Topic 1) 
What is the main focus of the Bell-LaPadula security model? 


A. Accountability 
B. Integrity 
C. Confidentiality 
D. Availability 


Answer: C 


Explanation: 

The Bell-LaPadula model is a formal model dealing with confidentiality. 

The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., "Top Secret") down to the least sensitive (e.g., "Unclassified" or "Public"). 

The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. In this formal model, the entities in an information system are divided into subjects and objects. 

The notion of a "secure state" is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system satisfies the security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a computer network system. The transition from one state to another state is defined by transition functions. 

A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a 
specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and 
set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode. 

The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access 
control (DAC) rule with three security properties: 

The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no read-up). 

The *-property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also known as the Confinement property. 

The Discretionary Security Property - use of an access matrix to specify the discretionary access control. 

The following are incorrect answers: 

Accountability is incorrect. Accountability requires that actions be traceable to the user that performed them and is not addressed by the Bell-LaPadula model. 

Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-LaPadula. 

Availability is incorrect. Availability is concerned with assuring that data/services are available to authorized users as specified in service level objectives and is not addressed by the Bell-LaPadula model. 

References: CBK, pp. 325-326 

AIO3, pp. 279 - 284 

AIOv4 Security Architecture and Design (pages 333 - 336) 
AIOv5 Security Architecture and Design (pages 336 - 338) 

Wikipedia at https://en.wikipedia.org/wiki/Bell-La_Padula_model 


NEW QUESTION 170 
- (Topic 1) 
What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects? 


A. Flow Model 
B. Discretionary access control 
C. Mandatory access control 
D. Non-discretionary access control 


Answer: D 


Explanation: 
As a security administrator you might configure user profiles so that users cannot change the system's time, alter system configuration files, access a command prompt, or install unapproved applications. This type of access control is referred to as nondiscretionary, meaning that access decisions are not made at the discretion of the user. Nondiscretionary access controls are put into place by an authoritative entity (usually a security administrator) with the goal of protecting the organization's most critical assets. 

Non-discretionary access control is when a central authority determines what subjects can have access to what objects based on the organizational security policy. 
Centralized access control is not an existing security model. 

Both Rule Based Access Control (RuBAC or RBAC) and Role Based Access Control (RBAC) fall into this category. 

Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 221). McGraw-Hill. Kindle Edition. 

and 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access 
control systems (page 33). 


NEW QUESTION 175 
- (Topic 1) 
What does it mean to say that sensitivity labels are "incomparable"? 


A. The number of classifications in the two labels is different. 
B. Neither label contains all the classifications of the other. 
C. The number of categories in the two labels is different. 
D. Neither label contains all the categories of the other. 


Answer: D 


Explanation: 

If a category does not exist then you cannot compare it. Incomparable is when you have two disjoint sensitivity labels, that is, a category in one of the labels is not in the other label. "Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable." 
COMPARABILITY: 

The label: 

TOP SECRET [VENUS ALPHA] 

is "higher" than either of the labels: 

SECRET [VENUS ALPHA] 

TOP SECRET [VENUS] 

But you can't really say that the label: 

TOP SECRET [VENUS] 

is higher than the label: 

SECRET [ALPHA] 

Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable. In a mandatory access control 
system, you won't be allowed access to a file whose label is incomparable to your clearance. 

The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates 
another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other. The dominance relationship is 
used to determine permitted operations and information flows. 

DOMINANCE 
The dominance relationship is determined by the ordering of the Sensitivity/Clearance component of the label and the intersection of the set of Compartments. 
Sample Sensitivity/Clearance ordering are: 

Top Secret > Secret > Confidential > Unclassified 

s3 > s2 > s1 > s0 

Formally, for label one to dominate label two, both of the following must be true: 

The sensitivity/clearance of label one must be greater than or equal to the sensitivity/clearance of label two. 

The intersection of the compartments of label one and label two must equal the compartments of label two. 

Additionally: 

Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality. 
One label is said to strictly dominate the other if it dominates the other but is not equal to the other. 

Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments. 

The dominance relationship will produce a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice. 
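An added example, not taken from the O'Reilly or Rubix sources cited below, that implements the dominance, equality, strict dominance and incomparability tests defined above on the page's own labels, and then uses dominance for the Bell-LaPadula read and write checks (simple security property and *-property) covered in question 168. The label string format and the level names are assumptions.

```python
"""MLS label dominance and the Bell-LaPadula checks built on it.

Added example; not code from the cited sources. Label syntax
'TOP SECRET [VENUS ALPHA]' and the LEVELS table are assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Sensitivity/clearance ordering from the page: Top Secret > Secret >
# Confidential > Unclassified (s3 > s2 > s1 > s0).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str]

    @classmethod
    def parse(cls, text: str) -> "Label":
        """Parse 'SECRET [VENUS ALPHA]' or plain 'SECRET' (no compartments)."""
        name, _, rest = text.partition("[")
        name = name.strip().upper()
        if name not in LEVELS:
            raise ValueError(f"unknown sensitivity level: {name!r}")
        comps = rest.rstrip("] ").split() if rest else []
        return cls(name, frozenset(c.upper() for c in comps))

    def __str__(self) -> str:
        return f"{self.level} [{' '.join(sorted(self.compartments))}]"


def dominates(a: Label, b: Label) -> bool:
    """a dominates b iff level(a) >= level(b) and
    compartments(a) ∩ compartments(b) == compartments(b), i.e. b's
    compartments are a subset of a's. Dominance includes equality."""
    return (LEVELS[a.level] >= LEVELS[b.level]
            and (a.compartments & b.compartments) == b.compartments)


def strictly_dominates(a: Label, b: Label) -> bool:
    """Dominates but is not equal."""
    return dominates(a, b) and a != b


def incomparable(a: Label, b: Label) -> bool:
    """Neither label dominates the other. This is the page's case of each
    label holding a compartment the other lacks, and it also covers a
    mismatch such as TOP SECRET [] versus SECRET [ALPHA]."""
    return not dominates(a, b) and not dominates(b, a)


def relation(a: Label, b: Label) -> str:
    """Describe how a relates to b in the MLS lattice."""
    if a == b:
        return "equal"
    if dominates(a, b):
        return "dominates"
    if dominates(b, a):
        return "dominated by"
    return "incomparable"


def may_read(clearance: Label, obj: Label) -> bool:
    """Simple security property (no read-up): the subject's clearance must
    dominate the object's label. Incomparable labels are denied."""
    return dominates(clearance, obj)


def may_write(clearance: Label, obj: Label) -> bool:
    """*-property (no write-down): the object's label must dominate the
    subject's clearance."""
    return dominates(obj, clearance)


if __name__ == "__main__":
    ts_va = Label.parse("TOP SECRET [VENUS ALPHA]")
    for other in ("SECRET [VENUS ALPHA]", "TOP SECRET [VENUS]", "SECRET [ALPHA]"):
        print(f"{ts_va} {relation(ts_va, Label.parse(other))} {Label.parse(other)}")
    ts_v, s_a = Label.parse("TOP SECRET [VENUS]"), Label.parse("SECRET [ALPHA]")
    print(f"{ts_v} vs {s_a}: incomparable={incomparable(ts_v, s_a)}, "
          f"read={may_read(ts_v, s_a)}, write={may_write(ts_v, s_a)}")
```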

The following answers are incorrect: 

The number of classifications in the two labels is different. Is incorrect because the categories are what is being compared, not the classifications. 

Neither label contains all the classifications of the other. Is incorrect because the categories are what is being compared, not the classifications. 

The number of categories in the two labels is different. Is incorrect because it is possible a category exists more than once in one sensitivity label and does exist in the other, so they would be comparable. 

Reference(s) used for this question: 

O'Reilly - Computer Systems and Access Control (Chapter 3) http://www.oreilly.com/catalog/csb/chapter/ch03.html 

and http://rubix.com/cms/mls_dom 


NEW QUESTION 177 
- (Topic 1) 
Kerberos is vulnerable to replay in which of the following circumstances? 


A. When a private key is compromised within an allotted time window. 
B. When a public key is compromised within an allotted time window. 
C. When a ticket is compromised within an allotted time window. 
D. When the KSD is compromised within an allotted time window. 


Answer: C 


Explanation: 

Replay can be accomplished on Kerberos if the compromised tickets are used within an allotted time window. 

The security depends on careful implementation: enforcing limited lifetimes for authentication credentials minimizes the threat of replayed credentials, the KDC must be physically secured, and it should be hardened, not permitting any non-Kerberos activities. 

Reference: 

Official ISC2 Guide to the CISSP, 2007 Edition, page 184 also see: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42. 


NEW QUESTION 178 
- (Topic 1) 
Sensitivity labels are an example of what application control type? 


A. Preventive security controls 
B. Detective security controls 
C. Compensating administrative controls 
D. Preventive accuracy controls 


Answer: A 


Explanation: 

Sensitivity labels are preventive security application controls, as are firewalls, reference monitors, traffic padding, encryption, data classification, one-time passwords, contingency planning, and separation of development, application and test environments. 

The incorrect answers are: 

Detective security controls - Intrusion detection systems (IDS), monitoring activities, and audit trails. 

Compensating administrative controls - There is no such application control. 

Preventive accuracy controls - data checks, forms, custom screens, validity checks, contingency planning, and backups. 

Sources: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: 
Applications and Systems Development (page 264). 

KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Application Controls, Figure 7.1 (page 360). 


NEW QUESTION 183 
- (Topic 1) 
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? 


A. Wave pattern motion detectors 
B. Capacitance detectors 
C. Field-powered devices 
D. Audio detectors 


Answer: B 


Explanation: 

Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for overall room security monitoring as performed by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm. Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to its receiver. Field-powered devices are a type of personnel access control device. Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an alarm. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: 
Physical security (page 344). 


NEW QUESTION 184 
- (Topic 1) 
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? 


A. Central station alarm 
B. Proprietary alarm 
C. A remote station alarm 
D. An auxiliary station alarm 


Answer: D 


Explanation: 

Auxiliary station alarms automatically cause an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters. They are usually municipal fire alarm boxes installed at your business or building, wired directly into the fire station. 

Central station alarms are operated by private security organizations. It is very similar to a proprietary alarm system (see below). However, the biggest difference is that the monitoring and receiving of alarms is done off site at a central location manned by non-staff members. It is a third party. 

Proprietary alarms are similar to central station alarms except that monitoring is performed directly on the protected property. This type of alarm is usually used to protect large industrial or commercial buildings. Each of the buildings in the same vicinity has its own alarm system, and they are all wired together at a central location within one of the buildings acting as a common receiving point. This point is usually far away from the other buildings so it is not under the same danger. It is usually manned 24 hours a day by a trained team who knows how to react under different conditions. 

A remote station alarm is a direct connection between the signal-initiating device at the protected property and the signal-receiving device located at a remote station, such as the fire station or, more usually, a monitoring service. This is the most popular type of implementation and the owner of the premises must pay a monthly monitoring fee. This is what most people use in their home where they get a company like ADT to receive the alarms on their behalf. 

A remote system differs from an auxiliary system in that it does not use the municipal fire or police alarm circuits. 

Reference(s) used for this question: 

ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 11: Physical Security (page 211). 

and 

Great presentation J.T.A. Stone on SlideShare 


NEW QUESTION 186 